Web security blog

Dissecting the Chrome Extension Facebook malware

Chrome Chrome extensions Facebook Frans Rosén XSS

How we invented the Tesla DOM DOOM XSS

Tesla XSS

A deep dive into AWS S3 access controls – taking full control over your assets

AWS bug bounty Frans Rosén privacy XSS

How I found a persistent XSS affecting thousands of career sites

Detectify Crowdsource Persistent XSS Team Tailor XSS

BountyDash – A local bug bounty statistics dashboard

bug bounty Frans Rosén Github Mathias Karlsson

Login/logout CSRF: Time to reconsider?

login/logout CSRF Mathias Karlsson

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

Frans Rosén postmessage Slack

SQLi in INSERT worse than SELECT

Mathias Karlsson SQL Injection

Stored XSS-ing Millions Of Sites Through HTML Comment Box

CSP flaws: cookie fixation

Cookie fixation CSP Mathias Karlsson