Bismillahi-r-Rahmani-r-Rahim
(In the name of Allah, the Compassionate, the Merciful)
Assalamu Alaikum (peace be upon you)

بسم الله الرحمن الرحيم

Assalamu Alaikum

Automating REST Security Part 3: Practical Tests for Real-World APIs If you have read our two previous blogposts, you should now have a goo...

Our previous blog post described the challenges in analyzing REST API implementations. Despite the lack of REST standardization, we learned ...

Although REST has been a dominant choice for API design for the last decade, there is still little dedicated security research on the subjec...

In July 2020, we introduced a novel attack class called Shadow Attacks . In our recent research, we discovered a new variant of the attack w...

In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TL...

In this post, Christian Fries shows an approach to unveil security flaws in OpenID Connect Certified implementations with well-known attack...

This blog post is aimed to express and explain my surprise about Signal being more secure than I thought (due to receipt acknowledgments). ...

As you might have heard, we recently got our paper on padding oracle attacks accepted to the USENIX Security Conference. In this paper, we ...

In the last two years, we changed the TLS-Attacker Project quite a lot but kept silent about most changes we implemented. Since we do not h...

One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is not tr...

We found out that reusing a key pair across different versions and modes of IPsec IKE can lead to cross-protocol authentication bypasses, e...

We found out that in contrast to public knowledge, the Pre-Shared Key (PSK) authentication method in main mode of IKEv1 is susceptible to o...

SAST, DAST, and SCA are more known as shift left tools.

Gartner defines the application security testing (AST) market as the buyers and sellers of products and services designed to analyze and…

TD;LR This is a SQL Injection cheat sheet for the Teradata database. This is an initial version and not comprehensive enough yet.

A few days ago at a conference, I asked a room full of engineers three simple questions:

Strong threat modeling tools are more important than ever in the constantly changing field of cybersecurity. Tools like OWASP Threat Dragon…

In the rapidly evolving landscape of technology, the integration of low-code development with artificial intelligence (AI) has ushered in a…