News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

User Controllable Charset

A user-controllable charset vulnerability occurs when a user can control the character set that the web application uses to decode data. Attackers can exploit this vulnerability by using different character sets to bypass security measures and execute malicious code. This can lead to data theft, data manipulation, and other security issues.

Vulnerabilities

Cookie Poisoning

Cookie poisoning is a security vulnerability that arises when a malicious user manipulates the cookies used by a web application to gain unauthorized access to sensitive information or perform unauthorized actions.

Vulnerabilities

Open Redirect

An open redirect vulnerability is a security flaw in which an attacker can exploit a website's redirection functionality to redirect users to malicious websites or pages that can potentially steal sensitive information.

Vulnerabilities

Information Disclosure - Suspicious Comments

Information disclosure is a vulnerability that can compromise the confidentiality of sensitive information in your web application. The vulnerability "Information Disclosure - Suspicious Comments" refers to comments in the source code that may reveal sensitive information to an attacker.

Vulnerabilities

HTTP Parameter Override

HTTP Parameter Override (HPO) is a security vulnerability that allows an attacker to modify the parameters in an HTTP request, which can lead to various types of attacks, including SQL injection, cross-site scripting (XSS), and session hijacking.

Vulnerabilities

Information Disclosure - Sensitive Information in HTTP Referrer Header

Information Disclosure - Sensitive Information in HTTP Referrer Header is a security vulnerability that occurs when the web application redirects the user to a new page and sensitive data is included in the URL of the new page. An attacker can exploit this vulnerability to obtain sensitive information that is not intended to be disclosed.

Vulnerabilities