Security of a Country: Portugal

Portugal is our second destination in our series “Security of a Country”. Back in 2012, some of our team members conducted a research about the state of cybersecurity in Portugal at that time. After 4 years and with big developments in our 40fy platform, we decided to gather some fresh…

Security of a Country: Portugal

Portugal is our second destination in our series “Security of a Country”. Back in 2012, some of our team members conducted a research about the state of cybersecurity in Portugal at that time. After 4 years and with big developments in our 40fy platform, we decided to gather some fresh…

Announcing: Cyberfables

For far too long we've heard "The problem of security is always the user", so we decided to put our heads to work to try and tackle this problem. For the last couple of months we have been so focused on our B2B product that it felt great to start…

Announcing: Cyberfables

For far too long we've heard "The problem of security is always the user", so we decided to put our heads to work to try and tackle this problem. For the last couple of months we have been so focused on our B2B product that it felt great to start…

XML Parser Evaluation

XML Parser EvaluationFor some time now, we've been researching in excruciating detail the prevalence of DTD attacks on different XML parsers.For a quick recap which attacks are possible, see our DTD Cheat Sheet post.In this post, we present you the results in a nutshell.The information presented here is based on this…

XML Parser Evaluation

XML Parser EvaluationFor some time now, we've been researching in excruciating detail the prevalence of DTD attacks on different XML parsers.For a quick recap which attacks are possible, see our DTD Cheat Sheet post.In this post, we present you the results in a nutshell.The information presented here is based on this…

DTD Cheat Sheet

When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE) as,for example, our previous post XXE in SAML Interfaces demonstrates.In this post we provide a comprehensive list of different DTD attacks.The attacks are categorized as follows:Denial-of-Service AttacksClassic XXEAdvanced XXEServer-Side Requst…

DTD Cheat Sheet

When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE) as,for example, our previous post XXE in SAML Interfaces demonstrates.In this post we provide a comprehensive list of different DTD attacks.The attacks are categorized as follows:Denial-of-Service AttacksClassic XXEAdvanced XXEServer-Side Requst…