All posts by Charlie

A security overview of Content Management Systems

Any developer would probably agree Content Management Systems (CMS) make it easier for web development teams and marketing to work together. However CMS assets like blog.company.com are also web application based and could be targets of hacker attacks. Why’s that? Simply...

/ December 4, 2018

Detectify security updates for 29 November

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize...

/ November 29, 2018

Detectify security updates for 15 November

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize...

/ November 15, 2018

[Video] Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE

A recent vulnerability was sent in to Crowdsource affecting Oracle WebLogic Server. The vulnerability is an unauthenticated remote code execution (RCE) that is easily exploited. In this article we will go through the technical aspects of the Oracle WebLogic RCE...

/ November 14, 2018

Cloud security basics: 9 security issues to address as you move to cloud services

The scalability advantage of cloud computing can only be sustained with the application of cloud security basics. A cloud service provider takes care of the physical security of their data centres, while the organization storing data up there needs to...

/ November 12, 2018

What do we want? Vulnerabilities! What type do we want? Well…

… we want them all. Vulnerabilities submitted to us from our Detectify Crowdsource community of 150+ ethical hackers makes Detectify what it is, and it is because of this collaboration we can make the internet more secure. Our community provides...

/ November 7, 2018

Detectify security updates for 31 October

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize...

/ November 1, 2018

Detectify security updates for 19 October

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize...

/ October 19, 2018

Q&A with Grant McCracken, Bugcrowd: “You might be thinking, do I want people to hack me? The answer is yes!”

At this year’s Black Hat USA, we caught up with Grant McCracken, Sr. Manager of Solutions Architecture at Bugcrowd and asked him about his thoughts on crowdsourced security, the evolution of ethical hacking, and the security community. Photo of Grant...

/ October 17, 2018

Iframe busters lead to XSS on 2% of all websites

It is no secret that ad placements are a revenue stream for online media channels, but something not commonly known is that the ad technology iframe busters used often introduces vulnerabilities. If you are selling or buying advertisement online, this...

/ October 4, 2018

Detectify security updates for 4 October

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize...

/ October 4, 2018

Web security podcasts we are currently listening to

When you’re tired of reading about web security, you don’t have to stop the learning there. Stream a podcast! September 30th is International Podcast Day and to celebrate, we’ve curated a list of web security podcasts we are listening to...

/ September 30, 2018