What is Detectify?
Web security blog
Security
Writeups
How to
Detectify
BountyDash – A local bug bounty statistics dashboard
bug bounty
Frans Rosén
Github
Mathias Karlsson
Most read articles
How I made LastPass give me all your passwords
»
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
»
Chrome Extensions – AKA Total Absence of Privacy
»
Login/logout CSRF: Time to reconsider?
login/logout CSRF
Mathias Karlsson
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
Frans Rosén
postmessage
Slack
SQLi in INSERT worse than SELECT
Mathias Karlsson
SQL Injection
Stored XSS-ing Millions Of Sites Through HTML Comment Box
CSP flaws: cookie fixation
Cookie fixation
CSP
Mathias Karlsson
postMessage XSS on a million sites
AddThis
Mathias Karlsson
postmessage
The pitfalls of postMessage
Mathias Karlsson
postmessage
Combining host header injection and lax host parsing serving malicious data
bug bounty
Fastly
Frans Rosén
Heroku
Mathias Karlsson
The story of EV-SSL, AWS and trailing dot domains
Frans Rosén
Hostile Subdomain takeover
SSL
« Previous
1
2
3
4
5
…
8
Next »
