Blog
Cracking JWT Vulnerabilities
Written by Yuval Batan on
JSON Web Tokens (JWTs) are a crucial and widely used part of modern web authentication and authorization systems. However, if this technology is not implemented correctly, malicious actors can exploit it…
Bypassing Content-Security-Policy (CSP)
Written by Sagiv Michael on
Web applications are becoming increasingly complex, offering users a wide array of features. However, this complexity comes with a heightened risk of security vulnerabilities. One common and serious threat is…
Top 10 Node.js Security Best Practices
Written by Sagiv Michael on
Node.js is an open-source, cross-platform JavaScript runtime environment built on Chrome’s V8 JavaScript engine. It allows developers to execute JavaScript code outside a web browser, making it an excellent choice…
Exploiting OpenID for Account Takeover
Written by Eldar Zavida on
While conducting a penetration test on a web application by Clear Gate, a critical finding was discovered, which allowed taking over any user account by exploiting a misconfiguration in the…
Firebase Common Security Misconfigurations
Written by Bar Hajby on
Optimization and scalability take center stage in the rapidly evolving application development field. Google Firebase, a comprehensive cloud-based platform, equips developers with potent tools for efficient server-side development. This article…
ReDoS Attacks
Written by Yuval Donana on
In cybersecurity, attackers constantly find new ways to exploit vulnerabilities in applications. One such technique that has gained attention in recent years is the ReDoS (Regular Expression Denial of Service)…
Web Cache Poisoning & Deception
Written by Bar Hajby on
Web caching is a vital mechanism that enhances website performance by reducing server load and improving page load times. It acts as an intermediary between a user’s web browser and…
How We Exploited Auth0 Misconfigurations
Written by Yuval Donana on
Auth0 is a powerful Identity Provider (IDP) solution widely used by organizations to implement secure authentication and authorization services. However, like any complex service, misconfigurations can occur, leading to potential…
RCE via Dependency Confusion Attack
Written by Sagiv Michael on
Efficiency and productivity are highly valued in the fast-paced software development world. Developers who work on complex projects require accessible and dependable external libraries, frameworks, and tools. This is where…
GraphQL Common Attack Vectors
Written by Yuval Donana on
GraphQL has quickly become popular for building APIs due to its flexibility and ease of use. However, like any technology, it is not immune to security vulnerabilities. The main focus…