Have a question or comment? Submit your message through our contact form and a member of our team will get back to you within 24 hours.
In today’s development landscape among our customers, it’s rare to encounter production PHP code. However, when we do, the story is always the same. Typically, such code is riddled with numerous high and critical-level vulnerabilities. Reviewing and testing this kind of code feels like being transported back in time about 20 years when all the […]
How Server-Side Request Forgery Can Lead to Full Cloud Compromise – and What You Can Do About It Introduction Server-Side Request Forgery (SSRF) is a powerful exploit that enables attackers to trick a vulnerable server into making arbitrary HTTP requests on their behalf. While some view SSRF as merely a method to force the server […]
Introduction Securing your application’s Firestore database is crucial for protecting sensitive data and maintaining user trust. Google Firestore, a scalable NoSQL cloud database, offers robust features for real-time data management, but securing it against threats requires careful attention. This article is designed to help developers and security professionals assess and strengthen their Firestore implementations. A […]
Incentives Firestore security is an important topic for modern applications. Its wide usage and serverless architecture may cause security issues in the areas such as authentication, authorization, and data exposure. Especially they are exposed to data leakages, which may be caused by a non-serveless design approach. In a world of multi-tier applications, using a backend […]
More up-to-date Hackvertor game-changer techniques, code examples, and tips for advanced penetration testing and bug bounty. Intro Hackvertor is a Burp extension that programmatically extends Burp capabilities, by allowing you to embed neat code logic directly into HTTP requests sent/proxies by Burp and its extensions. Similar to Postman pre-request scripts. Here, I will try to […]
Introduction Many of us have probably been faced with testing an application with custom HTTP request authentication or message signing. The requests from these applications can be proxied but they have built-in replay protection mechanisms in some form. As such, it isn’t possible to resend these requests outside of the application therefore making all external […]