CSRF in JSF 2.0: Predicting CSRF Tokens for Apache MyFaces
JavaServer Faces (JSF) is a commonly used server-side web framework. Developers appreciate its relative ease of use while security engineers appreciate its ready-made ...
Read MoreSearch
Windows Docker Information Disclosure Vulnerability (CVE-2021-1645)
In 2020, we discovered a vulnerability in the Microsoft Docker implementation and reported it to Microsoft. Microsoft published updates for its Windows client and ...
Read MoreThe Importance of Trust Validation: Microsoft’s Dangerous Mistake
Vulnerability in VSIX signature validation Last year we discovered a vulnerability in the Visual Studio Extension (VSIX) installer, which comes with ...
Read MoreAnalysis of Crypto used by AppVeyor Secure Variables
We recently investigated AppVeyor’s “secure variables” (aka “Encrypt YAML”) feature. We wanted to understand the crypto and algorithms it uses (which is not documen ...
Read More