Tag Archive

Press Release: Digital Infrastructure should integrate Malware

Published on July 22, 2020 By sanna

The German government wants to force Internet providers to install malicious software and intercept network traffic. Since the 1990s, there has been a constant struggle between authorities and security experts. One side wants to make digital infrastructure, especially data transport and communication, as secure as possible for business and society. The other side constantly strives […]

Token Hijacking via PDF – Dawid Czagan

Published on July 20, 2020 By sanna

PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. […]

Press Release: Digitalisation without Information Security has no Future

Published on July 15, 2020 By sanna

DeepSec conference warns of unsafe software and insufficient knowledge of professionals. The months in which we had to learn to deal with the effects of various quarantine measures on our everyday lives have decisively emphasized the importance of information technology. Although the Internet has long been an integral part of work and everyday life in […]

Bypassing CSP via ajax.googleapis.com – Dawid Czagan

Published on July 7, 2020 By sanna

Content Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers add ajax.googleapis.com to CSP definitions, because they use libraries from this very popular CDN in their web applications. The problem is that it completely bypasses the CSP and obviously you don’t want that to happen. Since CSP should be […]

Exploiting Race Conditions – Dawid Czagan

Published on July 1, 2020 By sanna

A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multithreading. As a result of this attack an attacker, who has $1000 in his bank account, can transfer way more than $1000 from his bank account. This is just one example, but it […]

Translated Press Release: COVID-19 Apps Reveal Their Software during the Crisis

Published on May 13, 2020 By sanna

In November, the DeepSec security conference will shed light on the software masquerade. People often say, “There’s bound to be an app for that!”. This stock phrase is often taken lightly, even outside the IT sector. The current COVID-19 crisis has once again designated the […]

Translated Press Release: Covid-19 Apps show Software Development in Crisis

Published on May 8, 2020 By sanna

In November, the DeepSec security conference will highlight the software masquerade. In everyday language there is the saying “There’s an app for that!”. The phrase is often used as a joke, even outside the IT industry. The current Covid-19 crisis has once again addressed computer code as a universal solution to problems that are not […]