Web applications

iOS Security Suite – anti-tampering Swift library

  Security is a topic that should also be considered by iOS developers. Since the platform cannot be treated as 100% secure, devs and security...

CONFidence 2019 – conference recap

  Every year CONFidence is one of the most important events for us and is supported by our entire team.   We prepare substantive lectures,...

Seven-Step Guide to SecuRing your AWS Kingdom

  AWS (Amazon Web Services) tries to decrease the number of security issues among its customers by releasing new services or upgrading the old...

Apache Airflow

  Vulnerability description: Incorrect Fileloc validation for the selected item allows you to send JavaScript code that will undergo server...

We need to go deeper – Testing inception apps

We need to go deeper – Testing inception apps, from SecuRing. When it comes to thick-clients, Java applets, embedded devices or mobile...

Building & Hacking Modern iOS Apps

Building & Hacking Modern iOS Apps from SecuRing   After my offensive presentation “Testing iOS Apps without Jailbreak in 2018”...

Artificial Intelligence – a buzzword, new era of IT or new threats?

Artificial Intelligence – a buzzword, new era of IT or new threats? from SecuRing   In my presentation I will show you a couple of applications...

Security education via security features

Security education via security features from SecuRing   Let’s talk about UX and security – those two may not seem to go...

Attacking AWS: the full cyber kill chain

  While it is quite common practice to do periodic security assessments of your local network, it is really rare to find a company that puts the...

Resource takeover x monkeyuser.com

  Missed last available coffee mug? Watch out, April Fools’ Day!   There are many things, besides the last free mug of course, that...

Ethereum Responsible Disclosure Messenger

This tool is used to: send a secret message to the owner of a personal or contract Ethereum address, encrypted with its owner's ECC public key; decrypt...

DumpsterDiver

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (e.g. AWS Access Key, Azure Share...

BucketScanner

BucketScanner is a tool used to: find collectable files for an anonymous/authenticated user in your buckets; verify if an anonymous/authenticated user...

AppSec Europe 2018 – our presentations

  AppSecEU is the premier application security conference for European software developers and security experts. This year it spanned two...

Hunting for the secrets in a cloud forest

Hunting for the secrets in a cloud forest, from SecuRing. Have you ever wondered if the access to your cloud kingdom is secure? Have you ever...

A 2018 practical guide to hacking RFID/NFC

A 2018 practical guide to hacking RFID/NFC from SecuRing   Ever wanted to hack these proximity/contactless cards you use every day, but did not...

iThemes Security WordPress Plugin

  Vulnerability description: The iThemes Security plugin before 6.9.1 and iThemes Security Pro plugin before 4.8.5 for WordPress are vulnerable...

REST API Pentester’s perspective

REST API Pentester's perspective from SecuRing

Struts security app-ocalypse. IT security manager’s survival guide

Sławek Jasek – IT security expert, SecuRing   The problem  Recently, we have seen one of the most spectacular data breaches in history. Equifax...

Several Polish banks hit by watering hole attack – lessons learnt?

Wojciech Dworakowski (wojciech.dworakowski@securing.pl, @wojdwo)   In the last few days, Badcyber.com informed about an ongoing attack on Polish banks....

Internet banking safeguards vulnerabilities

Internet banking safeguards vulnerabilities – OWASP AppSec EU 2016 from SecuRing