Detectify security updates for 7 February

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize...

/ February 7, 2019

A guide to HTTP security headers for better web browser security

Happy Safer Internet Day! We teamed up with anti-malware company Malwarebytes to provide web browser security tips for both workplace Internet users and web developers. If you’re an employee looking for best practices for web browsing at work, visit the Malwarebytes blog...

/ February 5, 2019

Eray Mitrani: Stumbling upon a new way to exploit authorization bypass in Jira

Eray Mitrani works for Nokia Deepfield, which provides network analytics and DDoS protection. He is also a security researcher in the Detectify Crowdsource community. In the following guest blog, he goes through the process of finding and submitting his...

/ January 29, 2019

Detectify security updates for 23 January

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize...

/ January 24, 2019

8 ways to create better cybersecurity awareness with a limited budget

Not all cybersecurity budgets are made equal, and for some that means having too many or too few tools. For others this means having few employees or being the lone ranger responsible for better security awareness in the company. Here are...

/ January 18, 2019

What is server side request forgery (SSRF)?

Update: SSRF has been nominated in the new OWASP Top 10 of 2021. The list is currently pending peer reviews, but it would not be surprising for this to stay on the list. We’ve seen more and more instances and...

/ January 10, 2019

Detectify security updates for 10 January

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize...

/ January 10, 2019

Meet the Hacker: europa: “I always trust my gut when I get the feeling that something is there”

Meet the hacker europa, a white hat hacker on the Detectify Crowdsource platform. He is based in Italy, has a great passion for infosec, and is relatively new to the bug bounty scene but seasoned in infosec. We asked him about...

/ January 4, 2019

Detectify Year in Review 2018

It’s been a great year for Detectify and there’s a lot that’s happened for us as we continue to grow our teams and business. Join us for a proverbial toast to the year as we share a recap of our...

/ December 20, 2018

9 biggest web security news of 2018

The year started off with a bang as the research on Meltdown and Spectre rendered almost all computing devices vulnerable. As the year moved on, Facebook, Magecart and 2FA alternatives were also part of security discussions. Here...

/ December 19, 2018

Detectify security updates for 13 December

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize...

/ December 13, 2018

[PoC Video] jQuery-File-Upload: A tale of three vulnerabilities

TL;DR: Three vulnerabilities in the second most starred JavaScript repository on GitHub, two of which are remote code execution, while the third makes it possible to permanently delete any file uploaded with jQuery-File-Upload. The latter is intended behaviour...

/ December 13, 2018