Cross-Site Request Forgery (CSRF) explained
What is CSRF and how can you fix it? Fredrik explains how CSRF is created and how it can be used to exploit a user or a website. He also provides tips on how to mitigate it.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Sender Policy Framework (SPF) explained
By default emails do not have any Sender Policy Framework set. If left unattended, this leaves your company and stakeholders vulnerable to email spoofing attacks. This video explains what SPF is and what steps to take in order to configure these settings to make your email secure.
Cross-site scripting (XSS) explained
What is cross-site scripting (XSS)? Detectify security researcher and co-founder Fredrik Almroth (@Almroot) explains this common web vulnerability, how can it be executed using javascript, its impact and how to fix it.
XSS using quirky implementations of ACME http-01
TL;DR Some hosting providers implemented http-01 having one part of the challenge key reflected in the response. This resulted in a huge amount of websites being vulnerable to XSS just because of their implementation of the http-01 ACME-challenge.
Resilience in the Age of Automated Hacking
When we think about cyber attacks, we usually think about the malicious actors behind the attacks, the people who profit or gain from exploiting digital vulnerabilities and trafficking sensitive data. In doing so, we can make the mistake of ascribing the same humanity to their methods, thinking of people sitting in front of laptops, typing code into a terminal window.
Bypassing and exploiting Bucket Upload Policies and Signed URLs
TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with the ability to also modify or delete existing files in the bucket.
Detectify | Meet the Hacker - Fredrik Nordberg Almroth
Our second Meet The Hacker episode features none other than Fredrik Almroth, one of our founding security researchers and Head of Engineering! Some of you may know him as @almroot! At the office Fredrik is heading up our team to keep all Detectify’s users secure and our tool awesome.
Detectify Crowdsource | Meet the Hacker-Gerben Janssen van Doorn
Are you interested in ethical hacking but aren’t sure where to start? A formal degree is definitely not required. We sat down with one of our top-ranked Detectify Crowdsource hackers, Gerben Janssen van Doorn, and asked him about his white-hat journey so far. In this video he shares why XSS is key for getting started and its role in keeping your web security secure.
How hackers approach Magento sites | Video by Detectify
Have you ever wondered how a hacker would analyze and attack a Magento website? We picked the brains of two ethical hackers to find out. Detectify’s security experts Linus Särud and Fredrik Almroth share their insights and tips to help you keep your Magento store safe from hackers.