Writeups

How we invented the Tesla DOM DOOM XSS
Tags: Tesla XSS

A deep dive into AWS S3 access controls – taking full control over your assets
Tags: AWS bug bounty Frans Rosén privacy XSS

How I found a persistent XSS affecting thousands of career sites
Tags: Detectify Crowdsource Persistent XSS Team Tailor XSS

Login/logout CSRF: Time to reconsider?
Tags: login/logout CSRF Mathias Karlsson

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
Tags: Frans Rosén postMessage Slack

SQLi in INSERT worse than SELECT
Tags: Mathias Karlsson SQL Injection

Stored XSS-ing Millions Of Sites Through HTML Comment Box

CSP flaws: cookie fixation
Tags: Cookie fixation CSP Mathias Karlsson

postMessage XSS on a million sites
Tags: AddThis Mathias Karlsson postMessage

The pitfalls of postMessage
Tags: Mathias Karlsson postMessage