$ ls -la /var/log/vault/posts/

Posts

// 21 entries on application security, vulnerabilities and research

appsec

Screen Caching

Screen Caching is another of those vulnerabilities nobody is paying attention to, and this one is quite important. As an example, …

· 3 min
appsec"

Auth Token in LocalStorage

Getting right to the point: storing a token in LocalStorage is insecure. It’s getting more and more common to use token …

· 4 min
appsec

Security of the NPM Packages

Javascript (and typescript) is now one of the most used languages in new projects. It has an awesome performance, and Promises …

· 9 min
appsec

Breaking C# SecureString

As discussed previously in Heap Inspection post keeping passwords and other sensitive data in memory may be insecure as they can …

· 8 min
appsec

Reverse Tabnabbing

Reverse Tabnabbing or also known as Unsafe Target Blank is one of the most underrated vulnerability, and this is the one I like …

· 3 min
appsec

Insecure Deserialization in Java

Insecure deserialization got in OWASP top 10 in 2017 as most of web applications written in Java and .net where found vulnerable …

· 7 min
appsec

Weak Random

A lot of developers don’t know that regular Random is a weak random implementation. In fact its quite predictable. A lot of …

· 7 min
appsec

XML External Entities (XXE)

XML and JSON are two formats ruling the web right now. Although JSON’s adoption is increasing significantly specially with …

· 6 min