Vulnerabilities
Do automated tools really detect only 45% of all vulnerabilities?
If you've dealt with IT security for any length of time, chances are you've come across the claim that research has shown automated tools can detect only 45% of vulnerabilities. It is often cited to illustrate the need for human experts to take part in security and penetration tests. However, is the claim really true? You may find it in, among many other places, the latest OWASP Testing Guide...

Half-open redirect vulnerability in Youtube
If you open any Youtube video that has a link to an external URL in its description, you may notice that the link points to a Youtube redirection mechanism (https://www.youtube.com/redirect?...), with the target URL passed to it as a parameter, rather than to the target URL itself...

How big of a problem is the 'open redirect' in Babel?
During recent research into the prevalence of open redirection vulnerabilities within the .CZ ccTLD, which I did together with my colleagues from ALEF CSIRT, I noticed that many of the vulnerable sites seemed to be running CMS Made Simple with the Babel multi-language module. This seemed to warrant a closer investigation...

Open Redirection Vulnerability in Babel
In this post you may find a description of a vulnerability I found in Babel, a CMSMS module, while searching for sites affected by Open Redirection vulnerabilities...