Articles

In a previous post regarding subdomain takeovers the term was explained, and in a subsequent post there was a demo showing it in action. Although this is quite a severe issue and companies have been affected, these takeovers generally haven’t been covered on news sites. However, recently...

A typosquatting attack involves the attacker creating a library title that is intentionally mistyped, so it differs from the original correct one. Once completed, it’s a waiting game for potential victims to accidentally misspell or type a library name and end up with one that...

In this second part there will be a demonstration of a subdomain takeover in action, using the example from the previous post. Firstly, we need to create the server instance that will be utilised throughout this example: From here we link to this server instance with...

In a previous post we touched on subdomain takeovers, but only briefly, so here we will be discussing them in more detail. In summary, a subdomain takeover is a vulnerability which occurs when there is some sort of misconfiguration (generally...

In this slightly shorter post, we’ll be discussing a recent update to Google’s SameSite cookie changes. In previous posts it was explained that Google was making a change to its Chrome browser which enforces the SameSite cookie attribute. These posts can be found here: Part 1:...

In this post we’ll be providing further explanation of a previous post regarding exposed repositories via version control platforms. This will relate to the use of the self-hosted product of the cloud-hosted platform. First, let's do a quick recap. The use of public repositories is good,...

In past blog posts it has been discussed how developers could be targeted, especially with the level of access they would generally have. However, some of these areas of attack wouldn’t be possible if it wasn’t for another technique which doesn’t technically require any use...

This week, we will be looking at the 3rd Insecure Storage issue and its impact on the app. We can see that the 3rd part of the Insecure Data Storage screen looks the same as in the previous exercise. A new 3rd party service name and password have been entered and...

In this post we’ll be discussing Docker and how it could be used to target developers. Most readers will know what Docker is, but for those who don’t, Docker is simply a platform that allows applications to be packaged...

Continuing from some past posts regarding how developers could be targeted due to their roles playing a significant part in an organisation, this time we’ll be talking about typosquatting and the inclusion of libraries as a whole. What is Typosquatting? This technique entails taking something that is...