News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Insufficient Site Isolation Against Spectre Vulnerability

The 'Insufficient Site Isolation Against Spectre' vulnerability leaves a site exposed to attacks that abuse the speculative execution mechanism in modern processors to leak sensitive data from one context to another, such as from one browser tab or process to another.

Vulnerabilities

Sub Resource Integrity Attribute Missing

The 'Sub Resource Integrity Attribute Missing' vulnerability occurs when your web application includes external resources, such as scripts and stylesheets, without verifying their integrity. Attackers can exploit this by manipulating or injecting malicious code into these resources, leading to potential security breaches.

Vulnerabilities

Java Serialization Object

Java Serialization Object vulnerabilities can pose a significant threat to web applications by allowing attackers to execute arbitrary code, leading to potential data breaches, unauthorized access, and system compromise.

Insecure JSF ViewState

The ViewState in JSF is a critical component that stores the state of the UI components and their values. An insecure ViewState can expose sensitive information or allow attackers to modify the state, potentially leading to security breaches.

Vulnerabilities

Text4shell (CVE-2022-42889)

The Text4shell vulnerability (CVE-2022-42889) is a security flaw that affects web applications and enables attackers to execute malicious shell commands remotely. This vulnerability arises from improper handling of user-generated text inputs that are executed as shell commands without proper validation.

Vulnerabilities

Server Side Request Forgery

Server Side Request Forgery (SSRF) is a critical security vulnerability that allows attackers to manipulate a web application to make unintended requests to internal resources, often leading to unauthorized access to sensitive data or services.

Vulnerabilities