Oct 4, 2019 | By Detectify
Detectify now has a built-in detection for vBulletin RCE CVE-2019-16759, thanks to a report from our Crowdsource community. Last week, a proof-of-concept exploit for a Remote Code Execution (RCE) vulnerability for vBulletin forum software CVE 2019-16759 was disclosed publicly. The vulnerability was exploited in the wild and actively being exploited by malicious attackers.
Oct 3, 2019 | By Detectify
Finding a zero-day (0-day) is probably one of the best feelings in the world for a hacker, and sometimes we receive these submissions through Detectify Crowdsource, our bug bounty platform. This article will explain how Detectify handles 0-days with transparency to responsibly work with vendors, researchers and customers with the disclosure.
Oct 3, 2019 | By Detectify
Karim Rahal, Detectify Crowdsource hacker, is a 17-year-old web-hacker who has been hacking for the greater part of his teenager years. At age 13, he started to responsibly disclose vulnerabilities—and he even blogged about one he found in Spotify! Karim still makes time for bug bounty programs, despite school. We asked Karim to tell us why Firefox is the best choice from a white hat hacker’s point-of-view.
Sep 19, 2019 | By Detectify
Detectify Crowdsource hacker, Alyssa Herrera, is a full-time bug bounty hacker and web application security researcher who works to protect organizations. She was one of several Crowdsource hackers to submit a working proof of concept for File Disclosure in Pulse Secure Connect (CVE-2019-11510). This guest blog post will walk through how she developed an exploitable-payload for this vulnerability.
Sep 5, 2019 | By Detectify
The backend developer team at Detectify has been working with Go for some years now, and it’s the language chosen by us to power our microservices. We think Go is a fantastic language and it has proven to perform very well for our operations. It comes with a great tool-set, such as the tool we’ll touch on later on called pprof. However, even though Go performs very well, we noticed one of our microservices had a behavior very similar to that of a memory leak.
May 28, 2019 | By Detectify
This Meet the Hacker episode features Detectify Crowdsource hacker, Linus Särud aka @_zulln. He is a security researcher at Detectify and he specializes in finding web application vulnerabilities. Linus started hacking when he was in his early teens and found a bug in Google Translate.
Apr 11, 2019 | By Detectify
Detectify is a scalable web app security scanner that automates 1000+ security tests to help you release secure applications. With Detectify, you can test your code with real exploits to identify and fix vulnerabilities in both staging and production environments. The service is continually updated with new security tests thanks to Detectify Crowdsource, a global network of handpicked security researchers.
Mar 21, 2019 | By Detectify
Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.
Jan 2, 2019 | By Detectify
Great to see you’re interested in using Detectify to check your web application security! Here is a video demo to walk you through the Detectify tool to get started, add a scan profile, integration options, profile settings and show you how each of our features work. This will also show you how to use the API.