News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Cookie without SameSite Attribute

'Cookie without SameSite Attribute' is a web application vulnerability in which cookies can be sent in all cross-site requests, including potentially malicious ones. Attackers can exploit this to steal session data, perform CSRF attacks, and inject malicious scripts into a user's session.

Vulnerabilities

Apache Range Header DoS (CVE-2011-3192)

Apache Range Header DoS (CVE-2011-3192) is a well-known vulnerability that affects Apache servers that support range requests. This vulnerability can allow attackers to send specially crafted range requests that can consume all the available resources on the server, leading to a denial of service (DoS) attack.

X-ChromeLogger-Data (XCOLD) Header Information Leak

The 'X-ChromeLogger-Data (XCOLD) Header Information Leak' is a web application vulnerability that occurs when the web application includes sensitive data in the XCOLD header, which can be accessed by attackers.

Vulnerabilities

Relative Path Confusion

'Path traversal' or 'Directory traversal' is a web application vulnerability in which an attacker can access sensitive files and directories outside the intended directory or root directory. One type of path traversal vulnerability is called 'Relative Path Confusion'. It allows an attacker to access files or directories outside the web application's root directory by exploiting a relative path traversal vulnerability.

Vulnerabilities

Retrieved from Cache

The 'Retrieved from Cache' vulnerability occurs when sensitive information is stored in a cache, and an attacker can retrieve it by accessing the cache directly. This vulnerability can arise when an application caches sensitive data, such as user credentials, session tokens, or personal information, and does not properly clear the cache when the user logs out or the session expires.

Vulnerabilities

Storable and Cacheable Content

'Storable and Cacheable Content' is a vulnerability that affects web applications that use caching mechanisms. It can allow an attacker to access sensitive information that is stored in the cache.

Vulnerabilities