News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Spring4Shell

The 'Spring4Shell' vulnerability is a security flaw that affects applications built on the Spring Framework, particularly those using Spring's Expression Language (SpEL) for dynamic expression evaluation. This vulnerability could allow attackers to execute arbitrary code on your server, leading to potential compromise of sensitive data and unauthorized access.

Exponential Entity Expansion (Billion Laughs Attack)

The 'Exponential Entity Expansion' vulnerability, also known as the 'Billion Laughs Attack', is a common vulnerability that can compromise the security and performance of your web application. This attack leverages XML entity expansion to exhaust system resources and cause denial-of-service (DoS) conditions.

Vulnerabilities

Log4Shell (CVE-2021-45046)

The Log4Shell vulnerability (CVE-2021-45046) is a critical security flaw that affects the Apache Log4j library, which is commonly used in Java-based web applications for logging purposes. This vulnerability allows remote attackers to execute arbitrary code on the targeted server, potentially leading to a complete compromise of the application and the underlying system.

Vulnerabilities

Log4Shell (CVE-2021-44228)

The Log4Shell vulnerability (CVE-2021-44228) is a critical security flaw that affects the Apache Log4j library, a popular Java-based logging framework. Exploiting this vulnerability could lead to remote code execution, giving attackers full control over the affected system.

Vulnerabilities

Log4Shell

The 'Log4Shell' vulnerability refers to a critical flaw in the Apache Log4j library, which could allow remote attackers to execute arbitrary code on a target system.

Vulnerabilities

Spring Actuator Information Leak

Spring Boot Actuator is a module within Spring Boot that provides production-ready features to help manage and monitor your application. However, if not properly secured, it can expose sensitive endpoints and information, making it a prime target for attackers. This is known as the 'Spring Actuator Information Leak' vulnerability.