Blog
Exploiting OpenID for Account Takeover
Written by Eldar Zavida on
While conducting a penetration test on a web application by Clear Gate, a critical finding was discovered, which allowed taking over any user account by exploiting a misconfiguration in the…
Firebase Common Security Misconfigurations
Written by Bar Hajby on
Optimization and scalability take center stage in the rapidly evolving application development field. Google Firebase, a comprehensive cloud-based platform, equips developers with potent tools for efficient server-side development. This article…
ReDoS Attacks
Written by Yuval Donana on
In cybersecurity, attackers constantly find new ways to exploit vulnerabilities in applications. One such technique that has gained attention in recent years is the ReDoS (Regular Expression Denial of Service)…
Web Cache Poisoning & Deception
Written by Bar Hajby on
Web caching is a vital mechanism that enhances website performance by reducing server load and improving page load times. It acts as an intermediary between a user’s web browser and…
How We Exploited Auth0 Misconfigurations
Written by Yuval Donana on
Auth0 is a powerful Identity Provider (IDP) solution widely used by organizations to implement secure authentication and authorization services. However, like any complex service, misconfigurations can occur, leading to potential…
RCE via Dependency Confusion Attack
Written by Sagiv Michael on
Efficiency and productivity are highly valued in the fast-paced software development world. Developers who work on complex projects require accessible and dependable external libraries, frameworks, and tools. This is where…
GraphQL Common Attack Vectors
Written by Yuval Donana on
GraphQL has quickly become popular for building APIs due to its flexibility and ease of use. However, like any technology, it is not immune to security vulnerabilities. The main focus…
SSRF with DNS Rebinding
Written by Sagiv Michael on
Server-Side Request Forgery (SSRF) is a type of attack that manipulates requests sent to a targeted system by exploiting server-side components, allowing attackers to gain unauthorized access to sensitive resources…
SOP vs CORS
Written by Eldar Zavida on
In web development, it’s common for web applications to fetch data and resources from various sources. However, doing so can expose users to security and privacy risks. As a mitigation…
AWS Cognito Misconfigurations
Written by Eldar Zavida on
Amazon Cognito provides authentication, authorization, and a user management solution for systems such as web and mobile applications. Users can log in directly with a username and password or through…