Around February 2022, an innocent-looking Linux kernel vulnerability corrupted some log files. Digging in and analyzing the root causes led to discovering the dirty pipe vulnerability. This allows attackers with local access to escalate to root. Oh no, was it an overflow again? Not this time; read on to find out!
The sudo bug
Monday, Apr 26, 2021 by Richard Kovacs
Did you also think that Unix-based operating systems are the superior species in terms of security? Well, maybe you should reconsider that. In early 2021, a severe bug was found in them, which affected many Unix systems. When the report about it arrived, the bug was already patched, but let’s look at it in this article.
Injections, where code meets data
Friday, Feb 14, 2020 by Daniel Szpisjak
Injections are still one of the most serious flaws a developer can make, if not the most serious. This post deconstructs the vulnerability and puts it back together to offer you a solid understanding to build on. After reading it, you will never think of injections the same way.
Introducing the Labs
Wednesday, Jan 30, 2019 by Daniel Szpisjak
Optimal learning happens when theory meets practice. The Securitydrops Labs is designed to give you a training ground to practice your hands-on skills. It gives you a highly configurable web application, where you can play around in a sandbox.
360 view of XSS from the trenches
Monday, Apr 3, 2017 by Daniel Szpisjak
When a software developer first gets exposed to web security, he will inevitably memorize his first acronym: XSS! It stands for “cross-site scripting”, and it is one of the oldest vulnerabilities around. Its origins are way back in the ’90s, when JavaScript was the new kid on the block. XSS (back then it was CSS) was its evil little brother, and it still thrives on its sibling’s success. One may wonder “Why is it called cross site scripting?