News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Source Code Disclosure - /WEB-INF folder

Source Code Disclosure is a serious vulnerability that can reveal sensitive information about your web application to attackers. The /WEB-INF folder is one of the most critical folders in a Java web application, as it contains important configuration files, libraries, and other resources that are not intended to be accessible to the public.

Vulnerabilities

Big Redirect Detected (Potential Sensitive Information Leak)

The 'Big Redirect Detected' vulnerability is a common issue that affects web applications. It occurs when an attacker can manipulate the URL or query string parameters in a way that causes the server to redirect to an unintended page. This can be exploited by an attacker to steal sensitive information, such as login credentials or session tokens, or to perform phishing attacks.

Vulnerabilities

User Controllable JavaScript Event (XSS)

Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious code into web pages viewed by other users. This can allow the attacker to steal sensitive information such as login credentials or personal data. User Controllable JavaScript Event (XSS) is a type of XSS vulnerability that occurs when an attacker is able to inject malicious JavaScript code into a web application through user input.

Vulnerabilities

HTTPS to HTTP Insecure Transition in Form Post

The vulnerability known as "HTTPS to HTTP Insecure Transition in Form Post" occurs when a user logs in to a website over a secure HTTPS connection but is then redirected to an insecure HTTP connection when submitting a form, which can lead to sensitive data being intercepted by attackers.

Vulnerabilities

HTTP to HTTPS Insecure Transition in Form Post

The HTTP to HTTPS Insecure Transition in Form Post vulnerability is a security issue that affects web applications that do not enforce secure communication during form submission. This vulnerability allows attackers to intercept and manipulate sensitive data transmitted over unsecured channels, leading to data theft, unauthorized access, and other malicious activities.

Secure Pages Include Mixed Content

The Secure Pages Include Mixed Content vulnerability arises when an HTTPS webpage includes HTTP resources, such as images, scripts, or stylesheets. This can be a security issue because it can allow attackers to modify the content of the page or intercept user data.

Vulnerabilities