My team has been working hard and we release more juicy stuff:
– Common Security Mistakes when Developing Swift Applications – Part I
– Meet NFCdrip – a New Security Concern for Air-Gapped Systems
– What’s in Your Website? Lurking Risk from Third-party Resources
– How Secure Are the Browser Extensions You Create?
Pedro Umbelino…
Category: News
Checkmarx Security Research Team latest work
Some of our work was published and I would like to share it here:
– ReDoS in Go
– Decrypting JobCrypter
More coming soon in a web near you 🙂
Reflected File Download webinar
On 13th March I did a webinar for Checkmarx showing, in around 30 minutes, what the Reflected File Download web vector is and how you can exploit it. You can still watch the recorded version at RFD: Still Threatening the Biggest Names on the Web. Had a lot of fun doing it because it was my…
Checkmarx Security Research Team latest work
The team who loves hacking and learning new things has published more stuff:
– Tinder’s Lack of Encryption Lets Strangers Spy on Your Swipes
– JavaScript Secure Coding Practices guide
– The Top 5 Exfiltration Attacks on WebViews
– JavaScript Attacks in WebViews
– Android WebView: Secure Coding Practices
– Is Your Child’s Data Safe From The Man In The Middle?
Checkmarx Security Research Team latest work
CSRT latest work and news:
– Eventbrite Security Wall of Fame
– Go programming SCP
– Remotely Exploitable Flaws Found in Popular IP Cameras
– Trump Website Hacked: Subdomain Takeover Defaces Fundraising Site
More to come really soon… 🙂 Having fun hacking!
Details on the Cross-Site Request Forgery Vulnerability Disclosed at Black Hat
Also, there are no known safe versions of the Flowplayer SWF. If you're hosting it, I can XSRF you. Kill it now. https://t.co/h0TnyAKTsC — Kevin Riggle (@kevinriggle) August 6, 2015
Exploits start against flaw
[News] Exploits start against flaw that could hamstring huge swaths of Internet – http://t.co/u15KiTgFm0 — bugcrowd (@Bugcrowd) August 3, 2015