Highly accurate Information Security Testing

Security Blog

Leveraging HttpOnly Cookies via XSS Exploitation with XHR Response Chaining

Posted: April 1, 2019

Introduction: In this blog post we will discuss basic and practical Cross-Site Scripting (XSS) exploitation, as well as ways to leverage XSS despite the presence of the HttpOnly attribute on sensitive cookies.

Background: The classic Cross-Site Scripting (XSS) exploit payload uses JavaScript to send the victim’s session cookie to an attack machine. […]


SSRF’s up! Real World Server-Side Request Forgery (SSRF)

Posted: January 21, 2019

In this blog post we’re going to explain what an SSRF attack is, how to test for it, and some basic guidelines on how to fix it.


Product Security Advisory – PSA0002 – dnaLIMS

Posted: March 8, 2017

Shorebreak Security Product Security Advisory

Software: dnaLIMS
Vendor: dnaTools (http://www.dnatools.com/)
Version Tested: Version 4-2015s13
Vulnerability Type: Multiple vulnerabilities
Severity: Critical
CERT/CC VU#: 929263
Date Discovered: Nov 6, 2016
Date Disclosed: Mar 8, 2017

Summary: Shorebreak Security penetration testers discovered seven serious vulnerabilities in the dnaLIMS web application during the course of a blackbox penetration test […]
