Cross Site Request Forgery

When Sir Timothy (aka Tim Berners-Lee) designed the first version of his new information system in 1989 (that became the Web two years later), it was meant for connecting various research documents via references. Back then, and even later when the budding Web started to grow, there was no need for tracing the reader’s progress - when a page was revisited, it was opened from the beginning again. To this day, the main protocol of the Web, HTTP, is a bit like a senile senior to whom his/her children must re-introduce themselves all over every time they pay a visit.

Read more

Sandboxed Cyber Security Learning Platform Early Access

We’ve been working on teaching syber security for a few years already, but only recently made it to the point where we can safely ask for public feedback. It’s not perfect, the UX is not the best, but the product is truly awesome.

Read more

How to change your UserAgent in Chrome or Firefox (gif!)

Every browser has a UserAgent attached to it. Any website you go to gets this information through the request headers.

Read more

Unrestricted File Upload

Here’s a simple attack that may not seem as common these days, but even with sufficiently secure frameworks unknowing developers can bypass security features and produce a vulnerable application. Even large IT companies stumble sometimes. Do not let it come to you as a surprise, as there are loads of ways to attack and bypass security features.

Read more