News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

All
ISO 27001
All
SOC 2
All
Vulnerabilities
All
Mitigations

File Upload

File upload vulnerabilities are a common type of security issue that can leave your web application exposed to various forms of attacks. These vulnerabilities occur when improper validation or sanitization of user-uploaded files allows malicious files to be uploaded, leading to potential compromise of your application and server.

Vulnerabilities

CORS Misconfiguration

Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers to control how web pages hosted on one domain can request and interact with resources from another domain. A misconfigured CORS policy can expose your web application to potential security risks.

CORS Header

Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers to prevent unauthorized access to resources on different domains. The 'CORS Header' vulnerability indicates that your web application is not properly configured to enforce the necessary CORS policies. This may lead to potential security risks, such as cross-site request forgery (CSRF) and data leakage.

Vulnerabilities

Web Cache Deception

'Web Cache Deception' is a critical vulnerability that occurs when an attacker manipulates the caching mechanisms of a web server to serve cached content meant for one user to another user. This could lead to unauthorized access, exposure of sensitive data, and potential security breaches.

Vulnerabilities

Bypassing 403

The 'Bypassing 403' vulnerability occurs when an attacker finds a way to bypass the HTTP 403 Forbidden response, gaining unauthorized access to restricted resources.

Vulnerabilities

JWT Scan Rule

JSON Web Tokens (JWT) are widely used for authentication and authorization in web applications. However, improper implementation or configuration of JWT can lead to the 'JWT Scan Rule' vulnerability that attackers can exploit.

Vulnerabilities