Ron Waisberg

Uncovering and Disclosing a Signature Spoofing Vulnerability in Windows Installer: CVE-2021-26413

Okta Security has discovered and disclosed a new bypass in Windows Installer (MSI) Authenticode signature validation that could allow an attacker to disguise an altered package as legitimate software.

David Bradbury

A CSO’s perspective on the recent Verkada cyber attack

At Okta we are committed to ensuring the safety of our employees and workplaces. Nothing is more important to us than the trust of our employees, customers and partners. Transparency is one of our core values and in that spirit, I wanted to offer a reflection on the recent Verkada cyber attack. We partner with a number of cloud technology companies to achieve our holistic approach to security, and one of those companies is Verkada. It supplies us with cameras that we use in our office entrances...

Vickie Li

Why Is It So Hard To Prevent Open Redirects?

In my last post, we talked about how open redirects can allow attackers to steal tokens from OAuth systems. Today, let’s take a deeper dive into open redirects and explore why it’s so prevalent in web applications! Sites often have HTTP or URL parameters that cause the web application to redirect to a specified URL without any user action. Open redirects are a type of vulnerability that happens when an attacker can manipulate the value of this parameter and cause users to be redirected...

Vickie Li

Stealing OAuth Tokens With Open Redirects

SSO is a feature that allows users to access multiple services belonging to the same organization without logging in multiple times. For example, if you are logged into “”, you won’t have to re-enter your credentials to use the services of “”. This way, companies with many web services can manage a centralized source of user credentials instead of keeping track of users for each site. And, users won’t need to log in multiple times when using the different services...

Marc Rogers

SAML Certificate Security: The Latest Findings and Potential Impacts

Recently, the National Security Agency (NSA) published new findings that reference how previously discovered tactics, techniques, and procedures (TTPs) abusing federated authentication could be used in conjunction with on-premises network access to gain broad access across an organization’s applications. The Cybersecurity and Infrastructure Agency (CISA) has also updated its bulletin to include these attacks, and Microsoft has also published insights. This advisory comes on the heels of the...

Vickie Li

More Than Subdomain Takeover: Ways To Takeover, Hijack And Impersonate Your Website

In my last post about subdomain takeovers, we talked about what subdomain takeovers are and how hackers can use them to attack shared-session SSO. Today, let’s dive deeper into subdomain takeovers and some other ways hackers can hijack your website. Subdomain Takeover Recap Subdomain takeover is when a hacker takes control over a company’s unused subdomain. It happens when a stale DNS entry points to a domain that is available for registration. Let’s say a company hosts its site on a...

Vickie Li

Building A Subdomain Takeover Monitor

In a previous article, we talked about the different types of subdomain takeovers and how hackers can use them to attack SSO systems. The impact of a subdomain takeover can vary. At the very least, subdomain takeovers enable attackers to launch sophisticated phishing campaigns. In some cases, this can lead to Cross-Site Scripting (XSS) attacks or malicious redirects. And, when a site uses shared-session SSO, this could even lead to session theft and account takeovers! Unfortunately, subdomain...

Vickie Li

Password Spraying Attacks and How to Prevent Them

Have you heard of password brute-force attacks? A brute-force attack is when attackers try to compromise an account by guessing its password. Let’s say an attacker is trying to compromise the account of the user “john” by brute-forcing the account password. The attacker will first generate a password list to use. They can either use a dictionary of common passwords found online, or a list of likely passwords generated based on knowledge of the user. Then, the attacker uses a script to rapidly...

Vickie Li

Tightening Up Your Github Security

GitHub reconnaissance is a tactic attackers use to gather information about their targets. Attackers analyze an organization’s GitHub repositories and check for sensitive data that has been accidentally committed or information, potentially leading to the discovery of a vulnerability. Today, we'll take a look at how attackers research your GitHub repositories. By looking at these recon techniques, you can find out what is revealed through your GitHub repositories and what you can do to...

Gaurav Kohli and Matt Raible

SQL Injection in Java: Practices to Avoid

SQL injection is one of the most common types of vulnerabilities found in web applications. Today, I'm going to explain what SQL injection attacks are and walk you through the process of exploiting a simple Spring Boot-based application. After we've exploited this simple Java app, we'll then learn how to fix the problem. Sound fun? Let's do it! Prerequisites Before starting, make sure you have the following tools installed: Java 8 HTTPie - A simple command line HTTP client Docker Desktop -...

Page 1 of 5