HOW SAFE IS YOUR DATA?
// OUR SERVICES
// LATEST NEWS
I recently discovered a path traversal vulnerability on a bash script exposed through the cgi-bin directory on an Apache server. Using the vulnerability, I was able to read arbitrary files on the remote system (as long as the access controls of the Apache user allowed...read more
Seemingly one of the most overlooked security vulnerabilities in the web applications that we test is the deserialization of untrusted data. I say overlooked because awareness of this issue seems to be comparatively low among web developers. Contrast that with the...read more
If you're ever running any programs on an account with administrative privileges, it might be tempting to think "It's alright; at least if this account is compromised, the attacker won't be able to obtain NT AUTHORITY\SYSTEM ("SYSTEM" for simplicity) level...read more