Monday, December 5, 2022

Hackfest 2022: Web Application Firewall (Bypasses) Workshop

Last month, I presented a workshop on Web Application Firewall (WAF) bypasses at Québec's Hackfest security conference.

The workshop gather examples I came accross in various assesments of the last few years. Testers (including myself) tend to go for the more complex techniques. I am hoping it will help put the spotlight on ideas that are not encoding related.

Thursday, March 17, 2022

6 Privacy Pitfalls for Developers to Avoid

While tech-savvy people are very concerned about privacy, knowing where to find metadata leaks can be nebulous even for developers. In this blog post, we will explore examples of unexpected user information leakage. We hope that the information shared in this blog will help developers assess and address potential privacy issues with their applications, as well as educate end-users about potential risks to their privacy that can result from information leaks.

We picked six examples based on design flaws that are often overlooked. We recognize that common vulnerabilities such as SQL injection and memory corruption often lead to confidentiality and privacy issues as well. We feel that these issues also pose a significant risk to privacy and can compromise personal data if not addressed properly.