News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

ELMAH Information Leak

The ELMAH (Error Logging Modules and Handlers) Information Leak vulnerability is a common issue in web applications that use ELMAH for error logging and handling. If ELMAH is not configured correctly, it can expose sensitive information to potential attackers.

Vulnerabilities

SQL Injection - MsSQL

SQL Injection is a severe security vulnerability that allows attackers to manipulate a web application's database queries by inserting malicious SQL code. 'SQL Injection - MsSQL' refers to this vulnerability in web applications that use Microsoft SQL Server (MsSQL) as the database management system.

Vulnerabilities

Cross Site Scripting (DOM Based)

Cross-Site Scripting (XSS) is a severe vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. With DOM-based XSS, the vulnerability lies in the client-side JavaScript code, making it challenging to detect and mitigate.

Proxy Disclosure

Proxy Disclosure is a security vulnerability that arises when a web application fails to properly handle proxy headers. Attackers can exploit this weakness to bypass security controls, access sensitive information, or launch various attacks.

Vulnerabilities

SQL Injection - SQLite

SQL Injection is a critical web application vulnerability that allows attackers to manipulate or extract data from a database. SQLite, being a popular database engine, is also prone to SQL Injection attacks.

Vulnerabilities

Possible Username Enumeration

The 'Possible Username Enumeration' vulnerability occurs when an attacker can determine valid usernames on a web application by exploiting the differences in responses for valid and invalid usernames during the login process. This information can be used to conduct brute-force attacks and gain unauthorized access.

Vulnerabilities