• Minded Security is 1 of the top 11 Cyber Security firms in the UK for innovation!

  • Marco Morana, Director at Minded Security UK, has released a brand new book on Process for Attack Simulation and Threat Analysis.

  • Are your developers aware of how to fix vulnerabilities in the code?

  • Is your management aware of cyber security risks?

  • Do you know which vulnerabilities have the most impact on your business?

  • Are you verifying the JavaScript Code you are developing?

  • Are the online transactions of my service under attack?

  • Are my outsourcers developing Secure Software?

  • Are my Internet-facing applications secure?

  • Is your company aware of cyber security risks?

  • Are you reviewing your business-critical application in depth?

  • Are you reviewing your mobile applications in depth?

  • Have you got a set of secure coding guidelines for all your technologies?

  • Minded Security Webinar

Latest news from our blog

RAT WARS 2.0: Advanced Techniques for Detecting RAT Screen Control

In the landscape of web maliciousness, Remote Administration Trojans [1] are not a new trend, but their usage is still strong and growing steadily. At its core a RAT is a backdoor facility used to let an attacker enter unnoticed into the victim's computer to control it remotely: for example, most banking trojans nowadays are using remote desktop modules to open a...

Posted on Friday February 05, 2016

Request parameter "_method" may lead to CakePHP CSRF Token Bypass

In CakePHP we noticed that under certain circumstances it is possible to bypass the built-in security checks offered by CSRF and anti-tampering. As stated in the official documentation, "By using the Security Component you automatically get CSRF and form tampering protection" [1]; however, this is not true in case a form controller does not check whether the request is...

Posted on Tuesday January 12, 2016

Reliable OS Shell with - EL [ Expression Language ] - Injection

Abusing EL for executing OS Commands. Expression Language injection. Wow! It may lead to remote command execution on modern Servlet environments. This was pointed out by Dan Amodio in 2012 with his art work exploit against Spring Double-Evaluation vulnerability (CVE-2011-...

Posted on Monday November 23, 2015

3.100.000 end users protected

1000M dynamic web pages scanned

17 Achieved Countries