No need for tinfoil hats when it comes to application security, we’re all too painfully aware of what can happen. From data breaches to destructive attacks, the potential impacts couldn’t be more clear. Web applications in particular are interesting because of their exposed position — it’s not uncommon for sensitive web applications to be secured […]
Author Archives: Oscar
OWASP Top 10 2013 – A10 – Unvalidated Redirects and Forwards
> How did I end up here? Whenever a user is sent to some unexpected (and perhaps malicious) third-party site, an Unvalidated Redirection is said to have occurred. Though it is also known by quite a few other names: unvalidated redirect, open redirection, unvalidated forward, and so on.
Other Gaming in 2018
PC master race! Console peasants :3! Rabble rabble rabble rabble! Jokes aside, there has been some non-PC gaming as well this year, and I reckon it warrants its own post. I’ll cover this in three sections: Switch, mobile, and other.
PC Gaming in 2018
New years eve is just around the corner, so why not summarise the gaming that happened in 2018 :)! In total I acquired about 50 games, of which I’ve played 15. Once again Humble bundle is responsible for the sheer numbers, with F2P-games (~10) coming in second. Most games have been launched at least, though […]
Blog Maintenance
Why have free time when you can keep tinkering with stuff? Blog is updated, theme is changed (not sure what I think of twenty nineteen yet…), and we’re ready for 2019!
Setting up Web Application Pentesting Tools
This post will walk you through how to set up the basics needed to do web app pentesting. More specificly, we’ll be setting up a web browser for pointing and clicking, an attack proxy for hackety hacking – all while covering the configuration needed.
F-Secure Radar Login Page Unvalidated Redirect Vulnerability
CVE-2018-6324 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6324 Summary The application will upon successfully logging in redirect the user to a user-controlled destination. A victim user may not recognise that a redirection takes place as they expect to be sent to a new page. Vendor Description F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify […]
F-Secure Radar Persistent Cross-Site Scripting Vulnerability
CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189 Summary The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user. Vendor Description F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify and manage both internal and external threats, report risks, and be compliant with […]