Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Featured Article
Our most important cybersecurity insight
A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation
In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.
A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation
In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.
CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL
How CodeQL may help reduce false negatives within Open-Source projects. Taking a look into a deserialization vulnerability within Oracle Helidon (CVE-2022-21404).
Cybersecurity in Web Applications - Where to start? Where to improve? Where to learn more?
A list of resources for web application security and a short description of what each resource covers.
Hardening guide for JBoss EAP 7.0
This time we are sharing a hardening guide for JBoss EAP 7.0 servers.
Nmap scripts for Trane Tracer SC HVAC
8.8 Mexico will take place on October 11 in Mexico City. Websec will be represented by Paulino Calderón who will give his talk, "Defeating Monkeys with Scanners".
Ncrack and Nmap NSE development for offense and defense - DEFCON CHINA
Paulino Calderon (@calderpwn) represented Websec in the first edition in China of the world-renowned DEFCON event. Here we share all the material of your workshop.