News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Multiple X-Frame-Options Header Entries

Web application developers must be vigilant against various vulnerabilities that can compromise user data and privacy. One such vulnerability is the presence of multiple X-Frame-Options header entries. This vulnerability can expose your web application to clickjacking attacks. In this blog post, we'll delve into the intricacies of this vulnerability, explore real-life examples, and provide practical mitigation guidelines with code samples.

Vulnerabilities

Server Leaks Version Information Via "Server" HTTP Response Header Field

One commonly overlooked web application vulnerability is the leakage of server version information. Many web servers include a "Server" HTTP response header field that can inadvertently reveal crucial information about the server software and its version. In this blog post, we'll explore the implications of server version information leakage, discuss real-life examples, and provide practical mitigation strategies with code samples to help you secure your web applications.

Vulnerabilities

Cross-Domain JavaScript Source File Inclusion

Among the various web application vulnerabilities, Cross-Domain JavaScript Source File Inclusion (XDSFI) is a particularly dangerous one. In this blog post, we will explore the nature of XDSFI, provide real-life examples, and discuss effective mitigation strategies with code samples.

Vulnerabilities

Blind SSTI

In the ever-evolving landscape of web application security, one vulnerability that continues to haunt developers is Blind Server-Side Template Injection (SSTI). This stealthy exploit can have devastating consequences, allowing attackers to execute arbitrary code on the server, leading to data breaches, unauthorized access, and more. In this blog post, we'll delve into what Blind SSTI is, examine real-life examples, and provide practical mitigation guidelines with code samples.

Vulnerabilities

Anti Clickjacking Header

One often overlooked yet potentially dangerous web application vulnerability is clickjacking. In this blog post, we'll explore what clickjacking is, delve into real-life examples, and provide detailed mitigation guidelines, including code samples, for implementing anti-clickjacking headers.

Vulnerabilities

X-Aspnet-Version

One web application vulnerability that often flies under the radar is the x-aspnet-version disclosure. This can expose your application to potential threats if not handled with care. In this blog post, we'll dive into the details of the x-aspnet-version vulnerability, explore real-life examples, and provide practical mitigation guidelines with code samples.

Vulnerabilities