Single-page applications need better auditing
Vladimir
tl;dr Most web pentesting tools currently focus on backend exploitation (such as SQL injections, Reflected or Stored XSS, …). However, in recent years, frontend parts of applications have gained in…
Browsing Category
Security
64 posts
Giving a voice to Jira
Oscar Baracos
The problem What if you could talk to Jira to create a ticket instead of having to interrupt what you’re doing to open a new tab, and painstakingly scroll through…
ESLint backdoor: revoke all the tokens
Tl;dr [EDIT 2018-07-16] The official ESLint post-mortem has been released. NPM already revoked all tokens at once so you probably don’t need to do this yourself. A backdoor was introduced…
In code we Struts: in-depth review of a Java vulnerability for developers
Sylvain
Houston, we have a security issue! Alas, most public coverage of a severe issue is in the lines of “OMG, there is a critical issue you should update ASAP otherwise…
An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!
Benoit
A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…
Reflected XSS explained: how to prevent reflected XSS in your app
Jb
What is a reflected XSS? An XSS allows an attacker to inject a script into the content of a website or app. When a user visits the infected page, the…
Bad bots are eating the world. But developers will save us all
Paul
Scrapers or bad bot protection is a big topic for a lot of company departments. However, it’s always developers or DevOps that end up implementing a bad bot mitigation solution.…
Security analysis of the most popular cryptocurrency exchanges
So you’ve finally decided to buy some Bitcoin, Ethereum or any other coin that’s all the rage these days? At Sqreen, we’re not so much interested in the cryptocurrency craze,…
Authentication Best Practices for Vue
Thibaud
Introduction Whenever you start to get serious with a project, you will most likely face the issues of how to handle client-side token-based authentication. You will have to answer these…
Security.txt toolbox for your Ruby app
What is security.txt? Security is all about tradeoffs. We all know we should be doing something about it in our application, yet, so few of us do. Strangely enough one…