Hacking, AppSec, and Bug Bounty newsletter
Tuesday, July 16, 2019
Single WAF rule broke Cloudflare, wonderful post by John Graham-Cumming. Check the "Appendix: About Regular Expression Backtracking" for technical details.
TWEET OF THE DAY
Thread on learnings from $15K critical SSRF by @nbahoragg
OTHER ARTICLES WE’RE READING
Cracking windshields, firing XSS payloads. Nice writeup by @zlz on a Tesla report.
In this week’s rendition of “Tom’s tips”, we review the reasons for not going out of scope
Insta race condition, $30K bug
Tool alert: Sliver, a cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS by Bishop Fox’s @LittleJoeTables
Turla back with Topinambour malware per research by Kaspersky
HBD Google’s Project Zero
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
One of the agents responding to my cracked windshield fired my XSS hunter payload from within the context of the “[redacted]” domain.
This was super exciting.