Automating local DTD discovery for XXE exploitation

Last month, we presented at Hack In Paris (France) a XML External Entities (XXE) exploitation workshop. It showcase methods to exploit XXE with numerous obstacles. Today, we present our method to exploit XXEs with a local Document Type Declaration (DTD) file. More...

Large Scale Vulnerability Scanning with Jenkins

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of...

Beyond XSS: Edge Side Include Injection

Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations. Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the markup...

An Introduction to Application Security

To remain in business, companies rely on perimeter security to protect, among other, their “secret sauce” recipe and the confidential information of their customers. To this end, information security vendors offer different types of defenses. The intent is commendable...

Pin It on Pinterest