News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Blind SSTI

In the ever-evolving landscape of web application security, one vulnerability that continues to haunt developers is Blind Server-Side Template Injection (SSTI). This stealthy flaw can have devastating consequences, allowing attackers to execute arbitrary code on the server, leading to data breaches, unauthorized access, and more. In this blog post, we'll delve into what Blind SSTI is, examine real-life examples, and provide practical mitigation guidelines with code samples.

Vulnerabilities

Anti Clickjacking Header

One often overlooked yet potentially dangerous web application vulnerability is clickjacking. In this blog post, we'll explore what clickjacking is, delve into real-life examples, and provide detailed mitigation guidelines, including code samples, for implementing anti-clickjacking headers.

Vulnerabilities

X-Aspnet-Version

One web application vulnerability that often flies under the radar is the x-aspnet-version disclosure. This can expose your application to potential threats if not handled with care. In this blog post, we'll dive into the details of the x-aspnet-version vulnerability, explore real-life examples, and provide practical mitigation guidelines with code samples.

Vulnerabilities

CSP Wildcard Directive

As cyber threats evolve, developers must stay vigilant against vulnerabilities that could compromise user data and system integrity. In this blog, we'll delve into the specifics of a common web application security vulnerability - the Content Security Policy (CSP) wildcard directive - and explore real-life examples along with practical mitigation guidelines and code samples.

Vulnerabilities

X-Content-Type-Options Header Missing

Web application developers face the constant challenge of safeguarding their applications against various vulnerabilities. One often overlooked but critical aspect is the absence of the X-Content-Type-Options header, which can expose web applications to potential security risks. In this blog, we'll explore the significance of the X-Content-Type-Options header, understand the associated risks, and provide practical guidelines with real-life examples to mitigate these risks.

Vulnerabilities

Policies for AI-focused startups

Creating a comprehensive set of cybersecurity policies is crucial for an AI-focused software startup to ensure the confidentiality, integrity, and availability of its information assets. Below is a list of essential cybersecurity policies that such a company may need.

SOC2