The Curse of Old Java Libraries

Java is known for its backward-compatibility. You can still execute code that was written many years ago, as long as you use an appropriate version of Java. Thanks to this feature, modern projects use a wide range of libraries that have been “tested by time”…

Read more

Bypassing SOP Using the Browser Cache

Misconfigured caching can lead to various vulnerabilities. For example, attackers may use badly-configured intermediate servers (reverse proxies, load balancers, or cache proxies) to gain access to sensitive data. Another way to exploit caching is through Web Cache Poisoning attacks. The browser cache may look like…

Read more

A Fresh Look On Reverse Proxy Related Attacks

In recent years, several researches have been published about attacks deliberately or directly related to reverse proxies. While implementing various reverse-proxy checks on the scanner, I started analyzing implementations of reverse proxies. Initially, I wanted to analyze how both reverse proxies and web servers parse…

Read more