Blog

Subdomain Takeover Attacks

Written by Bar Hajby on


While not as widely recognized as other cybersecurity threats, subdomain takeover attacks have gained significant attention in recent years due to their potential to cause severe security breaches. These attacks…

Account Takeover via JWT Misconfiguration

Written by Sagiv Michael on


In the fast-evolving mobile app security world, vulnerabilities often slip under the radar, posing significant risks to users and organizations. During a recent assessment of a client’s mobile application, our…

Account Takeover via OTP Mechanism

Written by Sagiv Michael on


During a penetration test of a client’s authentication mechanisms, we uncovered a critical vulnerability that can lead to a complete account takeover of any user within the system. This finding…

LLM Prompt Injection

Written by Yuval Batan on


Large Language Models (LLMs) are a type of Artificial Intelligence (AI) that have taken the tech world by storm. These powerful models are trained on massive amounts of data, allowing…

Breaking Application Logic with Negative User Input

Written by Yuval Batan on


While delivering impressive features, the complex logic that powers modern web applications can create unforeseen security weaknesses. Even seemingly minor flaws in these systems’ underlying business logic can be exploited…

Exploiting Android Architecture

Written by Yuval Batan on


The Android operating system powers millions of smartphones worldwide, offering users a vast number of applications that cover every aspect of our lives, from personal organization to online banking…

Exploiting a File Upload Mechanism to Gain RCE

Written by Sagiv Michael on


Imagine uploading a photo to your favorite social media site, only to unknowingly grant hackers complete control over the server. This scenario, while frightening, is precisely what a Remote Code…

HTTP Security Headers

Written by Itamar Rom on


As web applications continue to adopt new and advanced technologies day by day, these technologies can sometimes introduce risks and unknowingly expose applications to different vulnerabilities. To achieve the goal…

Insecure Randomness

Written by Eldar Zavida on


In the digital world, web security is a powerful shield protecting sensitive data and online activities. At the heart of this defense lies the concept of randomness, which is the…

Cracking JWT Vulnerabilities

Written by Yuval Batan on


JSON Web Tokens (JWTs) are a crucial and widespread part of modern web authentication and authorization systems. However, if this technology is not implemented correctly, malicious actors can exploit it…