Security Blog

Beware of the Magic SpEL(L) – Part 2 (CVE-2018-1260)

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation.

read more

Beware of the Magic SpEL(L) – Part 1 (CVE-2018-1273)

This February, we ran a Find Security Bugs scan on over at least one hundred components from the Spring Framework, including the core components (spring-core, spring-mvc) but also optional components (spring-data, spring-social, spring-oauth, etc.). From this...

read more

Beyond XSS: Edge Side Include Injection

Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations.   Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the...

read more

IDC Technology and Customer Spotlights

A few months ago, the International Data Corporation (IDC) conducted a Technology Spotlight and a Customer Spotlight on our company. The two reports: Advanced Managed Security in a New Era: Simple Steps to Rapid Response Advanced Managed Security and Yellow Pages: Better Security, Great User Experience reaffirm our position as a high-quality provider of managed security services, one that follows a flexible and customer-centric approach.

read more

Categories

Pin It on Pinterest