Application Security, Penetration Testing, Security Consulting, Vulnerability Management, DDoS Testing, Threat Hunting, Awareness Training, Bug Bounty, Blockchain Security, Security Research
In Russian: https://blog.deteact.com/ru/common-flaws-of-sms-auth/ Many online services use SMS to authenticate users. But subtle implementation mistakes may lead to major problems. This is what we will talk about in this article. Intro This authentication protocol is
This year’s ZeroNights conference was held on 12-13 November in Saint Petersburg. Our team participated in the Web Security Village, where Ramazan Ramazanov, a security researcher at DeteAct, presented his continued research about Doctrine Query
Our team participated in the KazHackStan conference for the third time. We help the Call for Papers committee and presented our researches at this excellent conference in Kazakhstan. This year, Ramazan Ramazanov, a security researcher
In Russian: https://blog.deteact.com/ru/yandex-clickhouse-injection/ In order to process a large amount of data in Yandex.Metrika, Yandex created a column-oriented DBMS ClickHouse. During penetration tests, we encountered ClickHouse in the systems of statistics, event collection, stock exchange
In Russian: https://blog.deteact.com/ru/dql-injection Modern web applications are less prone to injections, everyone uses prepared queries and ORM, but we still encounter such vulnerabilities in the wild. SQL dialects built into ORM libraries are of particular
Last year, the OffZone conference was held in November, and I (Omar Ganiev, CEO of DeteAct) presented a research about multi-layered web applications and their security issues. This year OffZone happened on 17-18 June, and
We’ve presented our products and services at the huge information security conference Positive Hack Days on 21-22 May in Moscow. Reports say, there were over 9000 participants this year.We were happy to have a chance
Welcome back and check out our brief public profile at Y Combinator Startup School: https://www.startupschool.org/companies/deteact We graduated from the Advisor Track in November 2018. SUS gave us a lot of useful tips and hacks, sobering
We’re happy to announce that Deteact has been accepted into the Advisor Track of Y Combinator’s Startup School! For the next 10 weeks, we will be a part of the group of 27 companies supervised by
Today there’s a number of publicly available EVM bytecode decompilers. However, many of them actually work only for toy examples and fail on real-world programs. This is one of the problems for Ethereum smart contracts