BeanShell puts Java Application Servers at Risk
Developers increasingly integrate BeanShell support into web applications to provide end users and administrators with a simple extension framework. But be warned! BeanShell support without appropriate...
nevisProxy Advisory Release
Today, Compass Security published a public advisory regarding nevisProxy, a product from AdNovum, used by several Swiss financial institutions. nevisProxy is a secure reverse proxy with an integrated...
Excuse me, where is the best site of the city? After the DOM, just turn right!
During a SharePoint 2013 penetration test I performed last November, I noticed that a dynamically constructed JavaScript constantly fetched content or redirected me to the requested pages. Using a...
SAML SP Authentication Bypass Vulnerability in nevisAuth
Two months ago, we wrote about SAML Raider, a Burp extension which allows automating SAML attacks based on manipulations of the intercepted security assertion. Using this tool, we were able to identify...