Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

Infinite Monkey Theorem

The infinite monkey fuzzer

Fuzz testing using American Fuzzy Lop

In our last entry, we argued that fuzzing is both “dumb” and surprising. In this article, we’ll continue exploring the possibilities of fuzzing. This time though, we’ll focus on desktop application fuzzing, specifically UNIX applications written in C. When developing in C, you usually have to handle memory …



Fuzzy caterpillar

Fuzzy bugs online

Fuzz techniques for attacking web applications

Web fuzzing is an automated, computerized technique to find bugs and vulnerabilities within a computer system. If you think protecting your site is a matter of simply blocking the most common types of malicious requests, think again. Read on. Injecting SQL into a vulnerable site A fairly common situation is …



Cucumber slices

Is your app in a pickle?

Documenting vulnerabilities with gherkin

Gherkin is a simple language that can be used for software documentation and testing. It can be thought of as a tool for communication between stakeholders and developers which helps minimize misunderstandings and regressions through precision in the definition of use-case scenarios. Figure 1. Behaviour-driven...



Person working on the computer while looking at cellphone

Delimiting an Ethical Hacking

How to define the scope of your objectives

The main problem encountered by an organization when they need to perform an Ethical Hacking is to establish the boundaries of the hacking. Delimiting the scope of an Ethical Hacking by time is a common mistake since it is not possible to know when the hacking, that is measured solely …



Blank CSV document icon

Is that CSV Secure?

Defining CSV injection vulnerabilities

Comma-Separated Values file (or CSV) is a type of file that stores tabular data, numbers and text in plain text. Each line of the file is a data record and each record consists of one or more fields separated by commas. CSV is a common data exchange format that is …



Hands typing in a text editor

The importance of pentesting

Protect your company against Hackers, not Lamers

Without a doubt, the recent events in relation to the infringement of privacy, such as the theft of personal information from celebrities, the Sony, Target and Equifax hacks, and the big ransomware that affected Telefonica, make us reflect about how organizations protect their information. All of this in addition to …



Text editor with code highlighting

Another proud son of JSON

Using JSON Web Token to send data

Today everything is connected, and thus, everything is communicated. Security has become a major issue in the complex world of web applications and their communications. Figure 1. JSON Web Token JWT JSON Web Token A JSON Web Token (JWT) is a URL safe way to represent a set of information …



Doll using a magnifying glass while searching through a set of data

Symbolic execution for mortals

What is it and how it works

In 2003 the Defense Advanced Research Projects Agency, DARPA, announced the Cyber Grand Challenge, a two-year competition seeking to create automatic systems for vulnerability detection, exploitation, and patching in near real-time which brought quite a big and complex task to the table. With this task symbolic...



Line of Lego stormtroopers with one facing the opposite direction

Conserving your identity

Using WS-Security to secure your web apps

In the digital era everything is or has a web application. Web apps are no longer just about content delivery, they have evolved to solve complex business needs and have become a mechanism for application integration. The communication and integration of these applications is most commonly done through Web Services …



Several boxes prompting for username and password

Multiple credentials begone!

Security issues and solutions of SSO services

The evolution of information technology brings with it many challenges, one of the biggest ones being Identity and Access Management. To take care of the growing vulnerabilities and attacks in this area, experts often recommend a Single Sign-on service (SSO). One of the most popular solutions implemented across...



The word Health Insurance being lift up to the sky by balloons

Healthcare in the clouds

Cloud based systems in healthcare and their issues

Figure 1. Healthcare in the cloud The healthcare nowadays is in the clouds, and not just the prices. With the fast pace in which technology advances and the many different solutions that are offered to all types of users, enterprises across all sectors are either in the cloud, transitioning to …



Computer with four padlocks, one unlocked

Dude, where’s my XSS protection?

Solving Halls of Valhalla Challenge: XSS4

Web application security is a major concern nowadays. You have to make sure your application is secure, especially if you have a lot of users. There are many controls a developer can implement to attempt to make the site safer. Or so they think. The fun of hacking is looking …




Service status - Terms of Use