Blog

Exploiting OpenID for Account Takeover

Written by Eldar Zavida on


While conducting a penetration test on a web application by Clear Gate, a critical finding was discovered, which allowed taking over any user account by exploiting a misconfiguration in the…

Firebase Common Security Misconfigurations

Written by Bar Hajby on


Optimization and scalability take center stage in the rapidly evolving application development field. Google Firebase, a comprehensive cloud-based platform, equips developers with potent tools for efficient server-side development. This article…

ReDoS Attacks

Written by Yuval Donana on


In cybersecurity, attackers constantly find new ways to exploit vulnerabilities in applications. One such technique that has gained attention in recent years is the ReDoS (Regular Expression Denial of Service)…

Web Cache Poisoning & Deception

Written by Bar Hajby on


Web caching is a vital mechanism that enhances website performance by reducing server load and improving page load times. It acts as an intermediary between a user’s web browser and…

How We Exploited Auth0 Misconfigurations

Written by Yuval Donana on


Auth0 is a powerful Identity Provider (IDP) solution widely used by organizations to implement secure authentication and authorization services. However, like any complex service, misconfigurations can occur, leading to potential…

RCE via Dependency Confusion Attack

Written by Sagiv Michael on


Efficiency and productivity are highly valued in the fast-paced software development world. Developers who work on complex projects require accessible and dependable external libraries, frameworks, and tools. This is where…

GraphQL Common Attack Vectors

Written by Yuval Donana on


GraphQL has quickly become popular for building APIs due to its flexibility and ease of use. However, like any technology, it is not immune to security vulnerabilities. The main focus…

SSRF with DNS Rebinding

Written by Sagiv Michael on


Server-Side Request Forgery (SSRF) is a type of attack that manipulates requests sent to a targeted system by exploiting server-side components, allowing attackers to gain unauthorized access to sensitive resources…

SOP vs CORS

Written by Eldar Zavida on


In web development, it’s common for web applications to fetch data and resources from various sources. However, doing so can expose users to security and privacy risks. As a mitigation…

AWS Cognito Misconfigurations

Written by Eldar Zavida on


Amazon Cognito provides authentication, authorization, and a user management solution for systems such as web and mobile applications. Users can log in directly with a username and password or through…