News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Base64 Disclosure in WebSocket message

The 'Base64 Disclosure in WebSocket message' is a web application vulnerability that could potentially expose sensitive information. It occurs when sensitive information is sent in a WebSocket message without proper encryption or obfuscation, where it can easily be intercepted and decoded by attackers.

Vulnerabilities

Application Error Disclosure via WebSockets

'Application Error Disclosure via WebSockets' occurs when your web application fails to handle errors correctly when using WebSockets. Errors or exceptions that occur during WebSocket communication might expose sensitive information to the client or an attacker, which can be used to exploit other vulnerabilities or gain unauthorized access.

Server Side Template Injection (Blind)

Server Side Template Injection (SSTI) is a critical security vulnerability that allows attackers to execute arbitrary code on your web server. When it is detected in blind form, the vulnerability is not immediately visible through direct error messages or responses from the server.

Vulnerabilities

Server Side Template Injection

Server-Side Template Injection (SSTI) is a serious security vulnerability that occurs when an attacker can inject malicious code into a server-side template engine. This can lead to remote code execution, data leakage, and other security issues.

Vulnerabilities

Cloud Metadata Potentially Exposed

The 'Cloud Metadata Potentially Exposed' vulnerability typically involves the exposure of sensitive information in cloud metadata services. Attackers can exploit this information to gain unauthorized access or escalate privileges.

Vulnerabilities

Loosely Scoped Cookie

The 'Loosely Scoped Cookie' vulnerability occurs when a web application sets cookies with overly permissive scope or path attributes, so that the cookie can be accessed by pages or scripts that should not have access to it. It can lead to various security risks, including session hijacking and unauthorized access to sensitive information.

Vulnerabilities