News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

XZ Utils Vulnerability in Linux (CVE-2024-3094)

A critical vulnerability (CVE-2024-3094) was discovered in the widely used XZ Utils library, a data compression suite present in most Linux distributions. This vulnerability stemmed from malicious code injected by a compromised maintainer.


Permissions Policy Header Not Set

One often overlooked web application security aspect is the Permissions Policy Header, a crucial mechanism to control various browser features and APIs that might pose risks to your web application's security. In this blog, we'll delve into the significance of setting the Permissions Policy Header, explore real-life examples of its vulnerabilities, and provide actionable mitigation strategies with code samples.‍


Cloud Metadata Potentially Exposed

One critical web application vulnerability that continues to pose a significant threat is the exposure of cloud metadata. Cloud metadata can be exploited by attackers to gain unauthorized access and potentially compromise the entire system. In this blog, we will explore real-life examples of cloud metadata exposure and provide detailed mitigation guidelines, including code samples, to help you safeguard your web applications.


Multiple X-Frame-Options Header Entries

Web application developers must be vigilant against various vulnerabilities that can compromise user data and privacy. One such vulnerability is the presence of multiple X-Frame-Options header entries. This vulnerability can expose your web application to clickjacking attacks. In this blog post, we'll delve into the intricacies of this vulnerability, explore real-life examples, and provide practical mitigation guidelines with code samples.


Server Leaks Version Information Via "Server" http Response Header Field

One commonly overlooked web application vulnerability is the leakage of server version information. Many web servers include a "Server" HTTP response header field that can inadvertently reveal crucial information about the server software and its version. In this blog post, we'll explore the implications of server version information leakage, discuss real-life examples, and provide practical mitigation strategies with code samples to help you secure your web applications.


Cross-Domain JavaScript Source File Inclusion

Among the various web application vulnerabilities, Cross-Domain JavaScript Source File Inclusion (XDSFI) is a particularly dangerous one. In this blog post, we will explore the nature of XDSFI, provide real-life examples, and discuss effective mitigation strategies with code samples.‍