TrustFoundry Blog

Get the latest information security news from TrustFoundry, including issues relating to information security and penetration testing.

Referer Redirection and Its Inconspicuous Danger

Recently I noticed some peculiar behavior on a web application. I observed that in certain situations, the webpage would openly redirect to the ‘Referer’ header defined in the request. In this particular [...]

Cross-Site Request Forgery Cheat Sheet

The Cross-Site Request Forgery (CSRF) Cheat Sheet is a flowchart that is designed to cover the common scenarios that an experienced application penetration tester would test for in CSRF testing. It [...]

Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer

Background: When traveling, Elizabeth and I are always a little bit extra cautious; we hide money in special belts, we carry emergency cards [...]

Shells in Your Serial – Exploiting Java Deserialization on JBoss

Background: I read a fantastic write-up by Stephen Breen of FoxGlove Security earlier this month describing a vulnerability, present in several common Java [...]