August 18, 2016

VulnHub Necromancer Writeup

This is my writeup for VulHub’s The Necromancer: 1 challenge. This challenge’s a lot of fun, really. There are eleven flags to retrieve, and each flag is a key to...

July 23, 2016

Safe Redirect Gem for Rails

I’ve been responding to vulnerability reports at my office since the last quarter of 2015. Open redirects are among the most common reported vulnerabilities for the first few months. Actually,...

June 15, 2016

Vulnerability on Plurk Android Apps

This article covers a vulnerability in Plurk’s session management, specifically on their Android apps. This vulnerability can be mitigated if we manually revoke the apps’ authorized sessions from the apps...

March 13, 2016

Social Media Login Vulnerability

This article covers things I missed during an implementation of social media login feature for a web application with Facebook and Google+. Both vulnerabilities are reported by a bounty hunter...

January 23, 2016

A Web Agency's Vulnerable Website

This article covers a company profile website. The company is owned by a friend of mine. He runs a web agency, offering his clients custom applications based on a CMS...