by Meador Inge | Aug 3, 2020 | News, Techniques, Tools, Web
Do we have a problem? The World Wide Web have been struggling with how to create portable, efficient and safe programs (pick two) for decades. The current best of breed attempt is called WebAssembly and is affectionately referred to as “WASM”. The project...
by Mike Zusman | Apr 21, 2020 | Featured, News, Techniques
A company asked us for help with a troubling issue: anonymous web site users would randomly become authenticated as other users in their financial services application. The client’s engineering team had no meaningful log data, and wasn’t able to reproduce the issue...
by Aidan Noll | Apr 16, 2020 | Exploits, Labs, News, Techniques, Tools
Intro – GraphQL GraphQL (GQL) is a popular data query language that makes it easier to get data from a server to a client via an API call. GQL is commonly deployed as a critical piece of the technology stack for modern web and mobile applications, and as a...
by Meador Inge | Feb 18, 2020 | Cloud, Featured, News, Techniques, Tools, Web
Introduction At Carve we perform at a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it’s reproducible, write a proof of concept (PoC) exploit for the vulnerability to determine the impact, and then (3) focus...
by Ángel Suárez-Bárcena Martín | Feb 18, 2020 | Labs, Techniques, Tools, Web
BurpSuite is one of those must-have tools when dealing with web application or API security assessments. Usually, when proxying applications through Burp, a fair amount of noise (advertising and user-tracking 3rd party services, CORS preflight checks, etc.) is also...
by Ángel Suárez-Bárcena Martín | Jan 23, 2020 | AWS, Cloud, News, Techniques
Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers (CSPs) are now less frequent, in contrast with those related to design,...
