Detectify Labs

A security research blog

The pitfalls of postMessage

Mathias Karlsson postmessage

Combining host header injection and lax host parsing serving malicious data

bug bounty Fastly Frans Rosén Heroku Mathias Karlsson

The story of EV-SSL, AWS and trailing dot domains

Frans Rosén Hostile Subdomain takeover SSL

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Frans Rosén Slack XSS

How I made LastPass give me all your passwords

Cross Site Scripting Lastpass Mathias Karlsson XSS

What HPKP is but isn’t

HPKP HTTP public key pinning

7 tools that have influenced the reversing community

DRM reverse engineering

Fusion Challenges – level02 Write-up

binary exploitation Fusion challenges return-oriented programming

Slack bot token leakage exposing business critical information

Slack Slackbots token

Frans Rosén’s Bugcrowd Guest Blog: Using a Braun Shaver to Bypass XSS Audit and WAF

bug bounty Bugcrowd Cross Site Scripting Frans Rosén XSS