David Sopas – Web Security Researcher

Interesting Readings

21/10/15 Interesting Readings

Attacking Ruby on Rails

I want to share an interesting read that I noticed when searching Mr. G for Ruby security.
I still haven't finished reading it for lack of time, but this weekend it will be on my to-do list.

Paper: http://phrack.org/papers/attacking_ruby_on_rails.html

29/09/15 Interesting Readings

Bug Hunter Appreciation Programs

Interesting reading about security bug bounties, written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html

You've got to love this part:

It is my view, that we shouldn’t call them “Bug Bounty Programs”, I would like them to be called “Bug Hunter Appreciation Programs”. I don’t like the term “Bug Bounty”, because bounty sounds a lot like it’s money up for grabs, when the attitude is that of a gift, or a “thank you, you are awesome”.

25/09/15 Interesting Readings, Tips and Tricks

Yahoo! and other sites vulnerable to Open Redirect

A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is/was located in a vulnerable version of Express, the Node.js web application framework.

So with a simple modification of the URL you get an Open Redirect attack:

Both Yahoo! attacks are still open and working in the Firefox and Opera browsers.

I found out that many other sites are vulnerable to this attack, including MySpace. Just by searching the official ExpressJS site you can get a list of big companies and start-ups vulnerable to this attack – http://expressjs.com/resources/applications.html

This is an easy fix – just update your Express framework and you're done!
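As an added example (this is not code from the original post, from the researchers' article, or from Express itself), here is the shape of redirect the post describes beside a hardened version, plus a general check for user-supplied redirect targets. It assumes the vulnerable redirect is built from the raw request path, in the style of a static-file handler that appends a trailing slash to a directory path, so that a request for `//attacker.example` yields a protocol-relative `Location` header that the browser resolves against another host. That mechanism, the host name `attacker.example`, and the function names `vulnerableDirRedirect`, `hardenedDirRedirect` and `safeRedirectTarget` are my assumptions and constructed inputs, since the post does not reproduce the actual URLs.

```javascript
// Added example, not code from the original post or from Express/serve-static.
// Assumption: the open redirect comes from a directory redirect built out of
// the raw request path. Host names below are constructed sample input.

// Vulnerable: appends "/" to the request path as received. A path that starts
// with "//" becomes a protocol-relative URL in the Location header, and the
// browser resolves "//attacker.example/" against that host, not ours.
function vulnerableDirRedirect(reqPath) {
  return reqPath + '/'; // '//attacker.example' → '//attacker.example/'
}

// Hardened: collapse every leading slash (and backslash, which browsers treat
// as a slash) down to one, so the Location value can only be a same-origin
// path. The trailing slash is added once.
function hardenedDirRedirect(reqPath) {
  const collapsed = '/' + reqPath.replace(/^[\/\\]+/, '');
  return collapsed.endsWith('/') ? collapsed : collapsed + '/';
  // '//attacker.example' → '/attacker.example/'
}

// General check for any redirect target taken from user input (for example a
// ?next= parameter): accept only same-origin paths, otherwise return fallback.
function safeRedirectTarget(target, fallback = '/') {
  if (typeof target !== 'string' || target.length === 0) return fallback;
  // Reject anything carrying a scheme: http:, https:, javascript:, data:, ...
  if (/^[a-z][a-z0-9+.-]*:/i.test(target)) return fallback;
  // Reject protocol-relative forms: "//host", "/\host", "\\host".
  if (/^[\/\\]{2}/.test(target)) return fallback;
  // Require a plain absolute path on this site.
  if (!target.startsWith('/')) return fallback;
  // Belt and braces: resolve against a dummy origin with the WHATWG parser
  // (URL is a Node.js global) and confirm the origin did not change.
  const resolved = new URL(target, 'http://localhost');
  if (resolved.origin !== 'http://localhost') return fallback;
  return resolved.pathname + resolved.search;
  // '/account?tab=1'      → '/account?tab=1'
  // '//attacker.example/' → '/'
}
```

Updating the framework closes the library's own redirect; any redirect your application builds from user input still needs a check like `safeRedirectTarget`, because a browser follows a protocol-relative `Location` exactly as it follows an absolute one.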

31/08/15 Interesting Readings

Ashley Madison it’s the final countdown

The final chapter of BinaryEdge's work on the Ashley Madison attack. Interesting data, and one thing I'd pick out of it: the percentage of females [fembots] is incredibly low – 13.8%.

28/08/15 Interesting Readings

Ashley Madison hack and world map data

The guys from BinaryEdge did an excellent job with a world map of the Ashley Madison data. Take a look at their blog post.

Also, Brian Krebs's article about who hacked Ashley Madison is very good: a nice step-by-step investigation by the popular security journalist.

13/08/15 Bug Bounty, Interesting Readings

Interview with Tek Sapo about bug bounty

I was covered in a Portuguese article for Tek Sapo about my bug bounty activities, especially at Cobalt.io.

If you know Portuguese, feel free to take a look: http://tek.sapo.pt/expert/artigo/ha_um_portugues_no_top_de_um_dos_maiores_programas_de_caca_ao_bug-43785gpm.html

Otherwise, translate it with Google.

13/08/15 Interesting Readings

Data, Technologies and Security – Part 1

My Portuguese friends at BinaryEdge published the first part of an interesting article about big and critical data lying around the web.

Take a look at it @ http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/

10/08/15 Interesting Readings

Cobalt.io published a nice interview about me

For those who want to know more about me and my work at Cobalt.io, check out the interview I gave to their blog.


#kudos to Cobalt.io
