Sandboxed Cyber Security Learning Platform Early Access

We’ve been working on teaching cyber security for a few years already, but only recently made it to the point where we can safely ask for public feedback. It’s not perfect, the UX is not the best, but the product is truly awesome.

Read more

How to change your UserAgent in Chrome or Firefox (gif!)

Every browser has a UserAgent attached to it. Any website you go to gets this information through the request headers.

Read more

Unrestricted File Upload

Here’s a simple attack that may not seem as common these days, but even with sufficiently secure frameworks unknowing developers can bypass security features and produce a vulnerable application. Even large IT companies stumble sometimes. Do not let it come to you as a surprise, as there are loads of ways to attack and bypass security features.

Read more

Insecure Direct Object References

Insecure Direct Object References (also known as IDOR) happen when it’s possible to get direct access to different data objects within a web application which are exposed to users. As a result of this vulnerability it is possible for potential attackers to bypass authorization or access data like files or database records in the system directly. It can be done by modifying the value of a parameter used to directly point to an object. This is caused by the fact that the web application takes user supplied input and uses it to retrieve an object without performing authorization checks.

Read more