blog

Is bug bounty a full-time job?

A bug bounty program, also known as a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. As part of an organization’s vulnerability management strategy, bug bounty programs are frequently initiated to supplement internal code audits and penetration tests. Many software vendors and websites have bug bounty […]

Is an API gateway sufficient for security?

The development of cloud computing architectures has forced businesses to reconsider how they expand their applications. Companies were encouraged to abandon full-stack application deployment via infrastructure such as virtual machines in favor of a microservices strategy based on APIs built of numerous interoperating services. The market for APIs is growing, and so is the threat

What is GhostTouch? (The first contactless attack against capacitive touchscreens of smartphones)

Some smartphone attacks necessitate physical access to the device and interactions with the touchscreen. So, as long as no one touches your phone, it’s safe, right? Wrong, according to a new study by security researchers from Zhejiang University in China and the Technical University of Darmstadt in Germany. The paper (PDF), which will be presented

What is Heartbleed OpenSSL Vulnerability?

The Heartbleed Bug is a serious flaw in the widely used OpenSSL cryptographic software library. This flaw allows information to be stolen that would otherwise be protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS ensures Internet communication security and privacy for applications such as web, email, instant messaging (IM), and some virtual

WordPress CSP Bypass Exploit

Security researcher Paulos Yibelo discovered an interesting, albeit incomplete, technique for circumventing CSP (Content Security Policy) controls using WordPress, which is marked as a critical vulnerability. The hack is based on exploiting same-origin method execution, and Yibelo went public with the findings through a technical blog post. To
