News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

PII Disclosure

PII (Personally Identifiable Information) disclosure is a serious security vulnerability that occurs when sensitive information, such as a name, address, or social security number, is exposed to unauthorized individuals. The consequences of PII disclosure can be significant, including identity theft, financial fraud, and other security breaches.

Vulnerabilities

X-AspNet-Version Response Header

The 'X-AspNet-Version Response Header' vulnerability is a common security issue that affects web applications built on the ASP.NET framework. This vulnerability occurs when the web server reveals the version of ASP.NET in the response headers, which can potentially provide valuable information to attackers.

Vulnerabilities

GET for POST

The 'GET for POST' vulnerability occurs when a web application uses the GET method to perform actions that should be restricted to the POST method. This vulnerability can expose sensitive data and lead to various security risks.

Vulnerabilities

Username Hash Found

The 'Username Hash Found' vulnerability occurs when the username of a user is found in a hash format, which can be easily decoded by an attacker. This can lead to a potential data breach, as attackers can gain access to user accounts and sensitive information.

Vulnerabilities

X-Debug-Token Information Leak

X-Debug-Token Information Leak is a vulnerability that can allow attackers to obtain sensitive information about the application's environment and configuration, which could potentially be used to launch further attacks.

Vulnerabilities

CSP: Header & Meta

Content Security Policy (CSP) is a security mechanism for web applications that helps prevent cross-site scripting (XSS), clickjacking, and other code injection attacks. CSP allows web developers to define the sources from which web resources can be loaded and executed. The vulnerability 'CSP: Header & Meta' refers to the absence of a CSP header or the presence of an insecure policy. This can allow the loading of resources from arbitrary sources, making it easier for attackers to inject malicious code into the web application.

Vulnerabilities