What is Detectify?

Detectify Labs

A security research blog

Undocumented authentication bypass issue in AEM Package Manager [Blog updated]

0day Detectify Crowdsource
Most read articles
How I made LastPass give me all your passwords » Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token » Chrome Extensions – AKA Total Absence of Privacy »

What is a Prototype Pollution vulnerability and how does page-fetch help?

client-side featured page-fetch prototype pollution tools
Get research and tips from Detectify security experts and the Crowdsource hacker community Time... to subscribe to the Detectify Monthly Round-up

Detectify releases Ugly Duckling, an open-source web scanner for ethical hackers

Detectify Crowdsource open-source scanner

CVE-2020-29653: Stealing Froxlor login credentials using dangling markup

0-day CVE Detectify Crowdsource XSS

Middleware, middleware everywhere – and lots of misconfigurations to fix

Frans Rosén load balancer Mathias Karlsson middleware vulnerabilities misconfigurations Nginx

How I hijacked the top-level domain of a sovereign state

ccTLD DNS hijacking Domain hijacking featured Fredrik Almroth TLD takeover

Modern PHP Security Part 2: Breaching and hardening the PHP engine

PHP

Modern PHP Security Part 1: bug classes

featured modern php SQLi SSRF SSTI

How-to Tutorial: PHP Webshell De-Obfuscation

php malware

Investigation of PHP Web Shell Hexedglobals.3793 Variants

PHP php malware
Like what you read? Start securing your web apps with tech powered by Detectify Labs contributors Start a 2-week free trial of Detectify and see the difference for yourself
What is Detectify? Subscribe to newsletter Sign up for a free trial »
A security service for developers.