  • Minded Security at BlackHat

    July 26-27, 2017
    Mandalay Bay - Las Vegas

  • Marco Morana, Director at Minded Security UK, has released a brand new book on Process for Attack Simulation and Threat Analysis.

  • Are your developers aware of how to fix vulnerabilities in the code?

  • Is your management aware of cyber security risks?

  • Do you know which vulnerabilities have the most impact on your business?

  • Are you verifying the JavaScript Code you are developing?

Latest news from our blog

RCE in Oracle NetBeans Opensource Plugins: PrimeFaces 5.x Expression Language Injection

PrimeFaces is an open source User Interface (UI) component library for JavaServer Faces (JSF) based applications, sin...

Posted on Monday February 15

RAT WARS 2.0: Advanced Techniques for Detecting RAT Screen Control

In the landscape of web maliciousness, Remote Administration Trojans [1] are not a new trend, but their usage is still strong and growing steadily. At its core a RAT is a backdoor facility used to let an attacker enter the victim's computer unnoticed and control it remotely: for example, most banking trojans nowadays use remote desktop modules to open a...

Posted on Friday February 05

Request parameter "_method" may lead to CakePHP CSRF Token Bypass

In CakePHP we noticed that under certain circumstances it is possible to bypass the built-in security checks offered by CSRF and anti-tampering. As stated in the official documentation, "By using the Security Component you automatically get CSRF and form tampering protection" [1]; however, this is not true in case a form controller does not check whether the request is...

Posted on Tuesday January 12

3.100.000

end users protected

1000M

dynamic web pages scanned

17

Achieved Countries