Tag: ServerSecurity

Articles tagged with ServerSecurity

ServerSecurity Articles

Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

20 September, 2024

During a recent security audit, vulnerability known as The Heartbleed Bug was discovered on two publicly accessible servers. What is interesting it is a fact that this vulnerability was discovered 10 years ago! It allows an attacker to access data directly from the memory of vulnerable systems. In fact, it enables the extraction of sensitive information, including credentials, without any pre-existing access or authentication requirements.

READ article

Denial of Service Due to Improper Handling of Decimal Values

Dariusz Tytko

13 September, 2024

During one of my recent pentests, I found an interesting Denial of Service (DoS) vulnerability that allows an attacker to cause the server to become unavailable. The severity of this vulnerability has been classified as HIGH because it can be exploited with a single HTTP request.

READ article

Server shutdown via GraphQL during real-life pentest

KAMIL JAROSIŃSKI

19 February, 2024

GraphQL is a query language and environment created by Facebook in 2012 and released publicly in 2015. However, it has only gained significant popularity among developers and organizations in the last few years. Why is it so popular? GraphQL serves as an alternative to traditional API protocols, like REST, offering a more flexible and efficient way for client-server communication. The emergence of new technology opens up new perspectives and solves some problems, but unfortunately, it also introduces threats. This is the case with GraphQL. If used without proper knowledge, it could potentially allow for a DoS (Denial of Service) attack.

READ article

A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?