Blog

Bypassing Content-Security-Policy (CSP)

Written by Sagiv Michael on


Web applications are becoming increasingly complex, offering users a wide array of features. However, this complexity comes with a heightened risk of security vulnerabilities. One common and serious threat is…

Top 10 Node.js Security Best Practices

Written by Sagiv Michael on


Node.js is an open-source, cross-platform JavaScript runtime environment built on Chrome’s V8 JavaScript engine. It allows developers to execute JavaScript code outside a web browser, making it an excellent choice…

Exploiting OpenID for Account Takeover

Written by Eldar Zavida on


While conducting a penetration test on a web application by Clear Gate, a critical finding was discovered, which allowed taking over any user account by exploiting a misconfiguration in the…

Firebase Common Security Misconfigurations

Written by Bar Hajby on


Optimization and scalability take center stage in the rapidly evolving application development field. Google Firebase, a comprehensive cloud-based platform, equips developers with potent tools for efficient server-side development. This article…

ReDoS Attacks

Written by Yuval Donana on


In cybersecurity, attackers constantly find new ways to exploit vulnerabilities in applications. One such technique that has gained attention in recent years is the ReDoS (Regular Expression Denial of Service)…

Web Cache Poisoning & Deception

Written by Bar Hajby on


Web caching is a vital mechanism that enhances website performance by reducing server load and improving page load times. It acts as an intermediary between a user’s web browser and…

How We Exploited Auth0 Misconfigurations

Written by Yuval Donana on


Auth0 is a powerful Identity Provider (IdP) solution widely used by organizations to implement secure authentication and authorization services. However, like any complex service, misconfigurations can occur, leading to potential…

RCE via Dependency Confusion Attack

Written by Sagiv Michael on


Efficiency and productivity are highly valued in the fast-paced software development world. Developers who work on complex projects require accessible and dependable external libraries, frameworks, and tools. This is where…

GraphQL Common Attack Vectors

Written by Yuval Donana on


GraphQL has quickly become popular for building APIs due to its flexibility and ease of use. However, like any technology, it is not immune to security vulnerabilities. The main focus…

SSRF with DNS Rebinding

Written by Sagiv Michael on


Server-Side Request Forgery (SSRF) is a vulnerability in which an attacker induces a server-side component to issue requests to destinations of the attacker's choosing, allowing access to internal services and sensitive resources that are not reachable from the outside…