Author Archives Ziyahan Albeniz

Open Graph Protocol (OGP) was introduced by Facebook to highlight shared links in social media platforms. Phishing attacks use OGP to deceive users into clicking links that redirect them to other websites. This blog post explains what the OGP looks like, discusses phishing attack research and finally lists some precautions to take against them. Read More

This article focuses on new research into potential remote hardware takeover vulnerabilities in admin software. These vulnerabilities occur due to a lack of control mechanisms, which enables potential WebSocket Hijacking attacks. The article explains how these attacks work, how to prevent them, and the importance of a content security policy header. Read More

This article examines the security of PHP's session cookies in a shared hosting environment, and explains why a cryptographically secure, random session ID is not enough to prevent attacks. It explains how PHP handles cookies and how the session management feature initializes in PHP. Finally, it provides an attack demo and advice for prevention. Read More

jQuery is a JavaScript library that simplifies the process of writing code in JavaScript by making the element selectors, event chaining, and event handling easier. Since its inception, a large number of client-based libraries are dependent on jQuery. This article will examine the research on jQuery selectors. Read More

Session variables are server-side variables whose value is tied to the current session. They are an essential part of many web applications. Session-related vulnerabilities have a large impact on web application security. This article explores two vulnerabilities related to them: session puzzling and bypassing two-factor authentication. Read More

This article explains the origins of the Clickjacking Attack and how it works. It then examines how a researcher discovered a Clickjacking bug on Facebook and how Facebook responded to the Clickjacking attack. Finally, the article provides advice on how to prevent Clickjacking Attacks by using the X-Frame-Options HTTP security header. Read More

This article describes the details and logic behind a vulnerability that combines Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE) on routers. This combination can allow a hacker to discover and gain access to the machines within the network of a router. Content-Type Headers provide a critical role in security against it. Read More

This blog post includes a discussion of URLs, their structure, how they can contain sensitive information and why it's so difficult to parse them without introducing vulnerabilities. We include an example of how a parsing error led to a Window Opener Protection Bypass. Read More

In this blog post, we discuss the research on Fragmented SQL Injection where the hackers control two entry points in the same context in order to bypass the authentication form. Our security researcher looks at the importance of single quotes in the SQL injection attacks and the solution, Prepared Statements, also known as Parameterized Queries. Read More

This blog post explains how the Tor network, selected for anonymity, can actually be used to discover users' IP addresses due to an incorrect SSL configuration. It includes examples, screenshots and recommendations for further reading. Read More

This blog post looks at two address bar spoofing incidents. The first involved the Homograph vulnerability, where attackers used the IDN feature to trick users by imitating legitimate characters. The second involved Edge and Safari, in which visitors redirected to another website were intercepted by attackers. Code samples are included. Read More

This blog post examines how PHP stream wrappers can be used to bypass keyword based blacklists. It includes an examination of the generic functions that can be used to interact with streams, the concept of stream-context and steam filters. It also looks at PHP wrappers in RFI attacks and bypassing blacklists. Code samples are supplied throughout. Read More

This blog post examines the research of Finnish computer scientist Vladimir Smitka on the dangers of open version control system Git files. We discuss his results, how prevalent it is, why the structure of Git makes it so convenient for hackers, how you can check if your Git folder is open and how to protect your folders. Read More

This blog post discusses the 0-Day vulnerability introduced into the Tor Browser's NoScript script blocking extension, originally designed to allow users to block JavaScript from running, and how it could have been disabled it in order to potentially unmask Tor users with a JavaScript exploit. It includes an explanation of the exploit code. Read More

This blog post provides an introduction to subdomains, why we use WWW and analyzes the impact of the WWW subdomain on cookie security. Then, it examines why we use WWW and how to set the domain attribute of cookies. The post includes two case studies and code samples. Read More

In this blog post, our Security Researcher Ziyahan Albeniz examines the latest Chrome release, which makes secure web connections the new standard by checking the validity of secure TLS certificates. This article examines encryption keys, certificates and certificate authorities, HSTS, HPKP, SRI and CSP, and concludes with some code examples. Read More

On June 27, 2018 Ticketmaster UK announced a data breach incident. This time, one of JavaScript's unexpected limitations prevented a security incident – at least for Turkish users. This blog post discusses how leveraging browser security features, such as Subresource Integrity and Content Security Policy could have secured their website. Read More

Reddit announced that they had been the victim of an elaborate hack. The attackers accessed email digests of August 2018 and the entire 2007 database backup which included old salted and hashed user passwords. They also compromised a few accounts of Reddit employees by intercepting the SMS used in 2FA. Read More

This blog post documents our Security Researcher Ziyahan Albeniz's experiment in exploiting a Microsoft Edge browser vulnerability. He explains how a combination of SOP, the ability to email clickable links and a vulnerability in both the Windows Mail and Calendar applications actually enable the exploit. It includes his Proof of Exploit video. Read More

Our security researcher discusses the potential implications of the cross-site request forgery (CSRF) issue found in Grammarly and the importance of cross-site request forgery protection. Read More