< newsroom >

Latest news and articles

  • Frida React Native
    :/ News

    Hooking React Native Applications with Frida

    Dynamic instrumentation is the ability to modify the behavior of a program by injecting code into its process. It happens while the app is running, without the need to recompile the application. Among the tools available, Frida is one of the most commonly used for instrumenting applications regardless of their platform. It works with Windows […]

    READ THE ARTICLE
  • :/ Conferences

    Webinar on Proactive Strategies for Early Detection of Vulnerabilities

    In this enlightening talk, we’ll uncover why Secure Code Review is a cornerstone of modern software security practices and how it fundamentally reshapes the game rules in safeguarding applications. Through a blend of real-world examples, case studies, myths, and legends, we’ll explore how Secure Code Review serves as a proactive shield, enabling the detection of vulnerabilities that may otherwise evade detection through traditional penetration tests.

    READ THE ARTICLE
  • :/ News

    How good is your JavaScript obfuscation?

    Not every obfuscated code is the same. So when is JavaScript obfuscation good enough? Effectively obfuscating code is harder than you think.

    READ THE ARTICLE
  • :/ Conferences

    Webinar about Secure Code Review

    Learn why it is critical to conduct a Secure Code Review and how this advanced practice redefines the rules of the game in application protection.

    READ THE ARTICLE
  • :/ News

    It’s time to secure your AWS Cognito configuration

    When a missing flag in Amazon Cognito can lead to an authorization bypass vulnerability. It is relatively easy to abuse and fix this issue.

    READ THE ARTICLE
  • :/ Conferences

    BeDefended on stage at HackInBo 2022

    Simone Bovi will talk next 28th May at HackInBo Spring Edition 2022 about Smart Contract (In)Security – How to lose money without trading.

    READ THE ARTICLE
  • :/ News

    How to protect your Decentralized Application

    Before launching a Smart Contract on the Ethereum blockchain or deploying a decentralized application, it is important to be sure that the code is secure.

    READ THE ARTICLE
  • :/ News

    Why Smart Contract security matters

    Businesses deploying on Ethereum often rely on a smart contract, but new vulnerabilities emerge, requiring a tight security strategy.

    READ THE ARTICLE
  • :/ Conferences

    BeDefended on stage at HackInBo 2018

    Davide Danelon will talk next 27th October at HackInBo Winter Edition 2018 about CORS (In)Security.

    READ THE ARTICLE
  • :/ News

    The Complete Guide to CORS (In)Security

    A complete guide to protect Cross-Origin Resource Sharing (CORS).

    READ THE ARTICLE
  • :/ News

    Avoid Tapjacking on Cordova apps

    How to prevent tapjacking attacks on Cordova hybrid applications. TapjackingProtectionPlugin open source Cordova plugin.

    READ THE ARTICLE
  • :/ News

    When brute force prevention can turn in DoS

    Account lockout could be a solution worse than the problem. Some practical advices to protect an app without introducing DoS.

    READ THE ARTICLE
  • :/ News

    Implementing secure CORS on Tomcat

    When trusting default configuration leads to security issues. What are CORS misconfigurations and how to exploit them.

    READ THE ARTICLE
  • :/ resources

    File Inject Frida Tool

    Released a new CLI tool to help and facilitate (React Native) Penetration Testing activities.

    VIEW ON GITHUB
  • :/ resources

    Complete Guide to CORS (In)Security

    A guide with all the techniques to test and protect CORS implementations.

    DOWNLOAD PDF
  • :/ resources

    Request Highlighter for Burp Suite

    Released a new Burp Suite extension to help and facilitate manual penetration testing activities.

    VIEW ON GITHUB