News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Expression Language Injection

Expression Language Injection (EL Injection) is a serious security vulnerability that can allow attackers to execute arbitrary code on your web application server. It occurs when an application allows user input to be directly evaluated as an expression in the underlying programming language, typically in web templates or within dynamically generated content.

Vulnerabilities

Generic Padding Oracle

The 'Generic Padding Oracle' vulnerability typically occurs in cryptographic implementations that use padding schemes. An attacker can exploit this weakness to decrypt encrypted data by making a series of requests and analyzing the server's responses.

Vulnerabilities

XML External Entity Attack

XML External Entity (XXE) attacks occur when an attacker is able to manipulate XML input to include external entities that can lead to data disclosure, denial of service, and potentially remote code execution.

Vulnerabilities

Application Error Disclosure

The 'Application Error Disclosure' vulnerability occurs when your web application exposes sensitive information in error messages, stack traces, or debug mode. Attackers can use this information to gain insights into your application's architecture and potentially exploit vulnerabilities.

Vulnerabilities

XPath Injection

XPath Injection is a web application vulnerability that occurs when an attacker manipulates user input to modify the XPath query in a way not intended by the application developer. This type of vulnerability can lead to unauthorized access to sensitive data, data manipulation, and even denial of service attacks.

Vulnerabilities

Remote OS Command Injection

A 'Remote OS Command Injection' is a web application vulnerability that occurs when an attacker can inject malicious operating system commands into a web application, potentially leading to unauthorized access or data breaches.

Vulnerabilities