Mathias Karlsson

Middleware, middleware everywhere – and lots of misconfigurations to fix

Frans Rosén load balancer Mathias Karlsson middleware vulnerabilities misconfigurations Nginx
bug bounty Frans Rosén Github Mathias Karlsson

BountyDash – A local bug bounty statistics dashboard

login/logout CSRF Mathias Karlsson

Login/logout CSRF: Time to reconsider?

Mathias Karlsson SQL Injection

SQLi in INSERT worse than SELECT

Cookie fixation CSP Mathias Karlsson

CSP flaws: cookie fixation

AddThis Mathias Karlsson postmessage

postMessage XSS on a million sites

Mathias Karlsson postmessage

The pitfalls of postMessage

bug bounty Fastly Frans Rosén Heroku Mathias Karlsson

Combining host header injection and lax host parsing serving malicious data

Cross Site Scripting Lastpass Mathias Karlsson XSS

How I made LastPass give me all your passwords