What is Detectify?

Web security blog

Stored XSS-ing Millions Of Sites Through HTML Comment Box

Most read articles
How I made LastPass give me all your passwords » Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token » Chrome Extensions – AKA Total Absence of Privacy »

CSP flaws: cookie fixation

Cookie fixation CSP Mathias Karlsson

postMessage XSS on a million sites

AddThis Mathias Karlsson postmessage

The pitfalls of postMessage

Mathias Karlsson postmessage

Combining host header injection and lax host parsing serving malicious data

bug bounty Fastly Frans Rosén Heroku Mathias Karlsson

The story of EV-SSL, AWS and trailing dot domains

Frans Rosén Hostile Subdomain takeover SSL

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Frans Rosén Slack XSS

How I made LastPass give me all your passwords

Cross Site Scripting Lastpass Mathias Karlsson XSS

What HPKP is but isn’t

HPKP HTTP public key pinning

7 tools that have influenced the reversing community

DRM reverse engineering
What is Detectify? Contact us Sign up for a free trial »
A security service for developers.