News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

WSDL File Detection

The 'WSDL File Detection' vulnerability occurs when an attacker can identify the presence of Web Services Description Language (WSDL) files on your web server. WSDL files provide information about the web services your application uses, and unauthorized access to them can expose sensitive data and potentially lead to other security issues.

SOAP XML Injection

SOAP (Simple Object Access Protocol) is a widely used protocol for exchanging structured information in web services. A SOAP XML Injection vulnerability occurs when an attacker can manipulate the XML input to the web service in such a way that it leads to unintended behavior or reveals sensitive information.

Vulnerabilities

Insecure HTTP Method

The 'Insecure HTTP Method' vulnerability can expose your application to various risks, including unauthorized access, data manipulation, and more. It occurs when your web application uses HTTP methods in an insecure or unintended manner.

Vulnerabilities

Cookie Slack Detector

The 'Cookie Slack Detector' vulnerability occurs when your web application unintentionally exposes sensitive data in the HTTP response headers, typically through cookies. Attackers can exploit this to gain unauthorized access or gather sensitive information about your application.

Vulnerabilities

SOAP Action Spoofing

SOAP (Simple Object Access Protocol) is a protocol used for exchanging structured information in the implementation of web services. SOAP Action Spoofing is a security vulnerability that can occur when an attacker manipulates the SOAP action in a web service request to execute unintended actions or gain unauthorized access to a web application.

Vulnerabilities

Expression Language Injection

Expression Language Injection (EL Injection) is a serious security vulnerability that can allow attackers to execute arbitrary code on your web application server. It occurs when an application allows user input to be directly evaluated as an expression in the underlying programming language, typically in web templates or within dynamically generated content.

Vulnerabilities