TL;DR: Setting up access control of AWS S3 consists of multiple levels each with its own unique risk of misconfiguration. We will go through the specifics of each level and identify the dangerous cases where weak ACLs can create vulnerable configurations impacting the owner of the S3-bucket and/or through third party assets used by a lot of companies. We also show how to do it properly and how to monitor for these sorts of issues.

Our guest blogger and Detectify Crowdsource hacker ak1t4 explains how he discovered and reported a persistent XSS vulnerability on Teamtailor that affected thousands of career sites – including Detectify’s external career site. Teamtailor patched the vulnerability within one day after the issue had been reported.

My stance on login/logout CSRF has changed. I, like many others, used to quickly dismiss them as a non-security issue. However, there are several situations where they could become a security issue.

SQL Injection in INSERT can be used not only to extract data, but also add/modify data in the table used in the query. This post describes how.

Our guest blogger and Detectify Crowdsource hacker Karim Rahal explains how he discovered and reported a stored XSS vulnerability that affected over a million of websites.

TL;DR: CSP can’t block <meta http-equiv="Set-Cookie" content="a=b">. XSS vulnerability on a page with CSP can still be source for attacks that are based on writing cookies. Let’s take a look at some examples of cookie fixation issues.

The postMessage API is an alternative to JSONP, XHR with CORS headers and other methods enabling sending data between origins. It was introduced with HTML5 and like many other cross-document features it can be a source of client-side vulnerabilities.