by Andrew Plato | Oct 13, 2018 | Application Security, Vulnerabilities, Vulnerability Management, Vulnerability Research
Exploiting a SAML Implementation During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom authentication mechanism our...
by Andrew Plato | Apr 2, 2018 | Application Security, Penetration Testing, Vulnerabilities
Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you liked this series, I bet you’d be interested in our webinar on How to Think Like A Hacker, check it out! Now on to Part 2: Taking it to the Next...
by Andrew Plato | Mar 27, 2018 | Application Security, Penetration Testing, Vulnerabilities
A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we...
by Andrew Plato | Jan 24, 2018 | Risk Management, Security Analytics, Vulnerabilities
It has been a few weeks since security researchers discovered that nearly every processor on earth is vulnerable to Meltdown and Spectre vulnerabilities. Panic is spreading. We agree that this is a serious set of vulnerabilities. But, no need to panic. We got this....
by Andrew Plato | Aug 20, 2015 | Vulnerabilities, Vulnerability Research
During the course of a web application test, occasionally our automated tools will miss a serious vulnerability. Cross-Site Request Forgery is one of these vulnerabilities that our scanners sometimes miss. You can read more about CSRF here. This is why it is so...
by Andrew Plato | Jul 22, 2015 | Vulnerabilities, Vulnerability Research
In the information security industry’s latest attention grabbing headline, we have the tale of Charlie Miller and Chris Valasek hacking a Jeep Cherokee and disabling it while driving down the highway. You can read about this hack here. This is stunt hacking. That is,...
