Tag: security

Adobe Experience Manager Vulnerability Scanner

Adobe Experience Manager is content management system that is based on Apache Sling – a framework for RESTful web-applications based on an extensible content tree. Apache Sling in its turn is basically a REST API for Apache Jackrabbit, which is an implementation of Content Repository API for Java (JCR). The main principle of JCR is…

12 July 2018
Predicting Random Numbers in Ethereum Smart Contracts

Slides from my AppSec California 2018 talk “Predicting Random Numbers in Ethereum Smart Contracts” Detailed blog post: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620

1 February 2018
Looting GraphQL Endpoints for Fun and Profit

In one of the previous posts about the state of modern web applications security I mentioned GraphQL – a new technology for building APIs developed by Facebook. GraphQL is rapidly gaining popularity, more and more services switch to this technology, both web and mobile applications. Some of the GraphQL users are: GitHub, Shopify, Pintereset, HackerOne…

8 June 2017