Behind the Bug
During a recent engagement, I was tasked with testing a web application, in a non-production environment, with Multi-Factor Authentication (MFA). As I began testing, I realized that all of the […]
During one of our Red Team Engagements we were able to gain a foothold on our client’s perimeter via default credentials for an uncommon application server. Once we had this […]
Oh dear, what have I gotten myself into? I recently started at White Oak Security and I’m getting a different set of pentesting experiences under my belt. Life has been […]
Secure360 just took place here in Minnesota on May 14th through the 15th. One interesting addition this year I noticed was the Cyber Range Capture The Flag (CTF). At the […]
White Oak Security is excited to be a 2018 sponsor of the Minnesota chapter of the Information Systems Security Association (ISSA). We fully support their efforts to promote education, networking […]
I want to start by thanking the folks at CBS Interactive and CBS Corporation for working so diligently with me on remediating the issues I discovered, and for responsibly disclosing these issues. […]
Summary: The CBSSports.com fantasy sports sites do not properly enforce access control between user accounts at the same privilege level within the application. This behavior could be leveraged by an attacker to send […]
Summary: The CBSSports.com fantasy sports sites do not prevent unauthorized execution of sensitive operations initiated outside the authorized application workflow. This behavior could be leveraged by an attacker through a Cross-Site Request Forgery […]
Summary: The CBSSports.com fantasy sports sites did not properly enforce access control between user accounts at the same privilege level within the application. This behavior could be leveraged by an attacker […]
Summary: The CBSSports.com fantasy sports sites did not properly enforce access control between user accounts at the same privilege level within the application. This behavior could be leveraged by an attacker […]