Blog

PHP Type Juggling Vulnerability

Written by Harel Levy on


Understanding the PHP type juggling vulnerability is crucial for developers: PHP is one of the most popular backend programming languages suited explicitly for web development. Its…

Blind XSS to Complete Account Takeover

Written by Yuval Batan on


Applications’ security remains a constant challenge. Particular vulnerabilities pose significant risks when left unaddressed. One such threat is Cross-Site Scripting (XSS), a flaw that allows attackers to inject and execute…

Firebase Authentication Misconfiguration

Written by Sagiv Michael on


Firebase Authentication, a Google-provided solution, simplifies user authentication for web and mobile apps with support for email and password, social logins, phone verification, and anonymous sign-ins. It integrates seamlessly with…

Single Packet Attack: Race Condition

Written by Bar Hajby on


Race condition vulnerabilities pose significant and often underestimated threats that can lead to severe consequences. These issues arise when multiple threads or processes compete to access shared resources, resulting in…

Subdomain Takeover Attack

Written by Bar Hajby on


While not as widely recognized as other cybersecurity threats, subdomain takeover attacks have gained significant attention in recent years due to their potential to cause severe security breaches. These attacks…

Account Takeover via JWT Misconfiguration

Written by Sagiv Michael on


In the fast-evolving mobile app security world, vulnerabilities often slip under the radar, posing significant risks to users and organizations. During a recent assessment of a client’s mobile application, our…

Account Takeover via OTP Mechanism

Written by Sagiv Michael on


During a penetration test of a client’s authentication mechanisms, we uncovered a critical vulnerability that can lead to a complete account takeover of any user within the system. This finding…

LLM Prompt Injection

Written by Yuval Batan on


Large Language Models (LLMs) are a type of Artificial Intelligence (AI) that have taken the tech world by storm. These powerful models are trained on massive amounts of data, allowing…

Breaking Application Logic with Negative User Input

Written by Yuval Batan on


While delivering impressive features, the complex logic that powers modern web applications can create unforeseen security weaknesses. Even seemingly minor flaws in these systems’ underlying business logic can be exploited…

Exploiting Android Architecture

Written by Yuval Batan on


The Android operating system powers millions of smartphones worldwide, offering users an excessive number of applications responsible for every aspect of our lives, from personal organization to online banking applications…