Jun 14, 2019 | By Detectify
HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will be interpreted by the client. This article goes into details on how this can be abused by an attacker to insert arbitrary headers and the impact of this type of attack.
May 28, 2019 | By Detectify
As companies compete with how fast new features and products can be released on the digital market, a byproduct of DevOps could be the neglect of sufficient and consistent information security throughout the pipeline – yes that means from start to the next improvement. Sure, automated security testing in production is a given, but what about during build and testing in the Continuous Integration and Continuous Delivery (CI/CD) Pipeline?
Meet the Hacker: Inti De Ceukelaire - "While everyone is looking for XSS I am just reading the docs."
May 3, 2019 | By Detectify
Inti was recently speaking at Detectify Hacker School, an event for customers where we have hacker talks and user cases presented to the audience. Afterwards our security researcher, Linus Särud, sat down with him for a hacker-to-hacker interview discussing how he got into bug bounty, his unconventional bug hunting ways and his take on why the European market is an ocean opportunity for bug bounty hunters.
May 2, 2019 | By Detectify
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
May 28, 2019 | By Detectify
This Meet the Hacker episode features Detectify Crowdsource hacker, Linus Särud aka @_zulln. He is a security researcher at Detectify and he specializes in finding web application vulnerabilities. Linus started hacking when he was in his early teens and found a bug in Google Translate.
Apr 11, 2019 | By Detectify
Detectify is a scalable web app security scanner that automates 1000+ security tests to help you release secure applications. With Detectify, you can test your code with real exploits to identify and fix vulnerabilities in both staging and production environments. The service is continually updated with new security tests thanks to Detectify Crowdsource, a global network of handpicked security researchers.
Mar 21, 2019 | By Detectify
Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.
Jan 2, 2019 | By Detectify
Great to see you’re interested in using Detectify to check your web application security! Here is a video demo to walk you through the Detectify tool to get started, add a scan profile, integration options, profile settings and show you how each of our features work. This will also show you how to use the API.