Articles for tag "Security": 11

HTTP Strict Transport Security (HSTS)
2017 Jan 27

This article gives a general overview of HTTP Strict Transport Security (HSTS) and discusses which attacks it tries to prevent, as well as how to use it correctly.

Content Security Policy (CSP)
2016 Dec 20

Content Security Policy (CSP) is an HTTP header that can be used as defense in depth to mitigate certain types of attacks, especially cross-site scripting (XSS) and clickjacking. This article will explain when and how to use CSP.

Advanced Clickjacking Attacks
2016 Dec 08

It is often assumed that allowing a site to be framed only has minor security implications. Clickjacking in particular is often associated with low-impact issues such as stealing Facebook likes. This article will show that allowing a site to be framed may be a more potent attack vector than often assumed. Framing makes some vulnerabilities easier or more realistic to exploit. Clickjacking can be used for more than just stealing likes, and in some contexts Clickjacking can gain the full power of CSRF - albeit with more user interaction.

Security Implications of GET/POST Interchangeability
2016 Nov 03

This article will provide a short overview of the security implications of treating POST and GET requests interchangeably, thus allowing a POST to GET downgrade. It will conclude with possible solutions.

Penetration Tester / Security Consultant (m/f)
2016 Sep 06

Curesec GmbH advises companies on implementing secure IT systems. We offer vulnerability analyses of environments and applications, e.g. in online shops, corporate networks, applications and external devices, to protect company and customer data against malicious access.

CVE-2014-N/A com.android.contacts
2014 Jul 04

This bug is similar to CVE-2013-6272 but is only exploitable on older Android versions. The bug exists in the component com.android.contacts.

CVE-2013-6272 com.android.phone
2014 Jul 04

We conducted a deep investigation of Android components, created some CVEs and reported bugs to the Android Security Team in late 2013. Today we want to publish one reported vulnerability and one similar vulnerability.

2014 Apr 09

"Heartbleed" security checkup

Two days ago a critical security gap named "Heartbleed" in one of the most common encryption protocols (SSL) was published. We offer a free checkup to our clients!

Nsdtool published
2014 Mar 05

Nsdtool is a toolset of scripts used to detect Netgear switches in local networks.

We have moved into our new office!
2013 Oct 02

Curesec has turned two years old! As a birthday present we have moved into our new office: 165 sqm of space for the security enthusiasts!

Curesec @ BSIs ‘Allianz für Cyber-Sicherheit’
2013 Jun 20

Curesec took part in this year's conference of the so-called Alliance for Cyber Security by the German federal agency for security in IT-Technology.