Secure design and coding

Secure OAuth 2.0: What Could Possibly Go Wrong?

Author: Damian Rusinek. The previous section, Starting with OAuth 2 – Security check, covered the main threats which are the...

OAuth 2.0 Security Best Practices Checklist

OAuth 2.0 is one of the most popular standards used to delegate authorization to a third-party application. OAuth 2.0 makes it...

Starting with OAuth 2.0 – Security Check

OAuth 2.0 is the second version of the Open Authorization Framework, the industry-standard delegation protocol for authorization. What are...

Abusing & Securing XPC in macOS apps

Author: Wojciech Reguła. XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe...

Smart Contracts Security Checklist

We’ve made a tool that will help you prevent the majority of known security problems and vulnerabilities by providing guidance at every stage...

Data leaks from AWS EC2 – how can Bob reveal Alice’s secrets?

Author: Paweł Rzepa. In this blog post I’m going to show you several ways in which sensitive data from an isolated AWS EC2 instance can be...

Seven-Step Guide to SecuRing your AWS Kingdom

AWS (Amazon Web Services) tries to decrease the number of security issues among its customers by releasing new services or upgrading the old...

Buffer overflow x monkeyuser.com

Everyone enjoys their coffee hot… As long as the amount of coffee fits perfectly into the cup. Otherwise, the exact moment it...

Queue based DoS x monkeyuser.com

A mischievous joke for those who need a cup of coffee to take off, and there is a long queue to the only coffee machine on the floor… A truly...

Why should you consider pentesting your cloud?

It is true that migrating your business to the cloud mitigates a lot of risks compared to a monolithic architecture. Thanks to the...

Mobile payment card cloning possibilities

Nowadays we are observing a very dynamic adoption of mobile contactless payments. These are systems provided by OS manufacturers (Android Pay,...

HCE cloning FAQ

Our research demonstrated that it is possible to copy mobile contactless card data, enrol it to another phone, and use it for...

Armouring your SaaS #1: My obviously bulletproof SaaS

Author: Mateusz Olejarka (mateusz.olejarka@securing.pl, @molejarka). Do you enjoy the feeling that your company is the best, and your products –...

Transaction Authorization Cheat Sheet

Update 23/12/2015, Version 2.0. Transaction authorization is implemented in modern financial systems in order to protect against unauthorized...