Breaking Application Logic with Negative User Input

Written by Yuval Batan on

While delivering impressive features, the complex logic that powers modern web applications can create unforeseen security weaknesses. Even seemingly minor flaws in these systems’ underlying business logic can be exploited…

Exploiting Android Architecture

Written by Yuval Batan on

The Android operating system powers millions of smartphones worldwide, offering users an extensive number of applications responsible for every aspect of our lives, from personal organization to online banking applications.…

Exploiting a File Upload Mechanism to Gain RCE

Written by Sagiv Michael on

Imagine uploading a photo to your favorite social media site, only to unknowingly grant hackers complete control over the server. This scenario, while frightening, is precisely what a Remote Code…

HTTP Security Headers

Written by Itamar Rom on

As web applications continue to utilize new and advanced technologies day by day, these technologies can sometimes introduce risks and unknowingly expose them to different vulnerabilities. To achieve the goal…

Insecure Randomness

Written by Eldar Zavida on

In the digital world, web security is a powerful shield protecting sensitive data and online activities. At the heart of this defense lies the concept of randomness, which is the…

Cracking JWT Vulnerabilities

Written by Yuval Batan on

JSON Web Tokens (JWTs) are a crucial and widespread part of modern web authentication and authorization systems. However, if this technology is not implemented correctly, malicious actors can exploit it…

Bypassing Content-Security-Policy (CSP)

Written by Sagiv Michael on

Web applications are becoming increasingly complex, offering users a wide array of features. However, this complexity comes with a heightened risk of security vulnerabilities. One common and serious threat is…

Top 10 Node.js Security Best Practices

Written by Sagiv Michael on

Node.js is an open-source, cross-platform JavaScript runtime environment built on Chrome’s V8 JavaScript engine. It allows developers to execute JavaScript code outside a web browser, making it an excellent choice…

Exploiting OpenID for Account Takeover

Written by Eldar Zavida on

While conducting a penetration test on a web application by Clear Gate, a critical finding was discovered, which allowed taking over any user account by exploiting a misconfiguration in the…

Firebase Common Security Misconfigurations

Written by Bar Hajby on

Optimization and scalability take center stage in the rapidly evolving application development field. Google Firebase, a comprehensive cloud-based platform, equips developers with potent tools for efficient server-side development. This article…