Imran Parray

I am the one reminding everyone to double-check their passwords.
Changelog: Introducing Jira Integration
changelog Featured
We’re thrilled to announce a new feature in Snapsec Suite’s Vulnerability Management solution: Jira Adapter Integration. With this update, you can now connect Jira directly to Snapsec VM, making it easier than ever to send vulnerabilities as issues to your Jira projects for streamlined resolution. 🚀 What’s New!
3 min read
Changelog: Downloading Vulnerability Reports
changelog Featured
We’re excited to introduce a highly requested feature in Snapsec Suite’s Vulnerability Management solution: Downloading Vulnerability Reports as PDF. This new capability empowers teams to generate detailed, professional, and portable reports with just one click, making documentation and collaboration easier than ever. What’s New! 🎉 Download Vulnerability Reports
2 min read
Changelog: Sharing Full Assessment Reports
changelog Featured
We’re excited to introduce a new feature in the Snapsec Suite’s Vulnerability Management solution: Full Assessment Report Sharing. This feature empowers teams to seamlessly share comprehensive Vulnerability Assessment reports with internal and external stakeholders, enhancing collaboration and visibility across the board. What’s New! Sharing Full Assessment Reports:
2 min read
Changelog: Sharing Vulnerability Reports
changelog Featured
We’re thrilled to announce a new feature in the Snapsec Suite’s Vulnerability Management solution: the ability to Share Vulnerability Reports Publicly. This feature simplifies collaboration by enabling teams to generate a shareable link for vulnerability reports and control their accessibility. What’s New! 🎉 Share Vulnerability Reports Publicly: * Generate
2 min read
Changelog: Introducing Remediation Progress Bar
changelog Featured
We’re excited to roll out a new feature in the Snapsec Suite’s Vulnerability Management solution: the Remediation Progress Bar. This enhancement gives you a clear, visual representation of the remediation status for each security exercise, helping your team stay on top of vulnerability resolution. 🎉 Remediation Progress Bars: * Easily
1 min read
How we found an IDOR in Jira
case-studies
This blog details our discovery of an Insecure Direct Object Reference (IDOR) vulnerability in JIRA, a product by Atlassian. You may be familiar with the Atlassian platform from our previous blog, where we discussed how we found a wormable XSS vulnerability in their web application. If you haven't already,
6 min read
How We Found a Wormable XSS in Atlassian
case-studies
We recently uncovered an interesting vulnerability during a security assessment at Snapsec: an XSS attack capable of spreading to other organizations, a wormable XSS. This blog will delve into how we crafted an XSS payload that exploited Atlassian's interconnected web application, giving you a first-hand look at how
7 min read
Snapsec - Asset Inventory Management
Snapsec Suite Featured
There is a great saying in cybersecurity: "Anything you can't see, you can't secure." In an ever-evolving threat landscape, gaining visibility into your organization's assets is more crucial than ever. Asset Inventory Management (AIM) solutions are therefore designed to provide comprehensive insights
6 min read
Snapsec - VDP Management
Snapsec Suite Featured
In today's complex digital landscape, cyber threats pose a constant risk to organizations of all sizes. Traditional security measures, while essential, often struggle to keep pace with the rapid evolution of cyberattacks. Zero-day vulnerabilities, in particular, can be exploited by malicious actors to compromise sensitive data, disrupt operations,
5 min read
Snapsec - Secret Scanner
Snapsec Suite Featured
In today's digital age, a single exposed secret, like an API key or database password, can unlock the doors to sensitive information, inviting cyber criminals to wreak havoc. A single misstep can lead to severe consequences, including financial loss, reputational damage, and regulatory penalties. To mitigate these risks,
4 min read
Snapsec - Phishing Simulator
Snapsec Suite Featured
Nowadays most of the hacks or security breaches that we see have some kind of human element involved, where a social engineering attack is used to trick employees or users and can be leveraged as an initial entry to carry out further attacks, such as gaining unauthorized access to various
6 min read
Snapsec - Vulnerability Management
Snapsec Suite Featured
Snapsec's Vulnerability Report Management solution provides a practical way for organizations to manage reports from their penetration testing teams in a more modern and structured format. This solution allows teams to easily receive, review, and understand findings, while also offering a wide variety of functionalities to enhance vulnerability
9 min read
Finding Multiple Security Issues on Agorapulse
case-studies
Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety of ways to publish content, schedule posts, and report about social account usage. The software is used to create and
9 min read
Attacking CSRF Protection in Modern Web Apps
Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with
5 min read
Spring4Shell: Everything you need to know.
News
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the
6 min read
Lastpass Breach - Everything you need to know
News
One of the largest online password managers, with over 25 million users as of 2020, LastPass suffered a massive data breach recently. The data included user information and vault data. Earlier in August, LastPass informed customers that an unauthorised actor had gained access to their development server through a compromised
6 min read
We Hacked Larksuite For 1 month and Here is what we found
case-studies
Almost a year back, in March 2020, we were shuffling our private invites stock to land on a program worthy of our time and excitement. In a while, we stumbled upon a program by the name of Lark Technologies. Larksuite is a collaborative platform where users can collaborate on various tasks. This product
21 min read
Attacking Access Control Models in Modern Web Apps
Web Security
So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to make such applications or services by implementing access control models within their applications. What are Access Control Models: Access control
7 min read
Hacking Zendesk - Cache Deception, Privilege Escalation and more
case-studies
Another expedition to choose a new target to hack at Snapsec stopped at Zendesk. Zendesk aligned with most of our testing principles, which we consider while choosing a new target to hack. Their available metrics showed that the Zendesk security team was responsive and acknowledged the work of security researchers
9 min read
Attacking Rate Limit Protection in Modern Web Apps
Web Security
What is rate limiting? Rate limiting is a process of limiting the requests received by a networking device. It is used to control network traffic. Suppose a web server allows up to 20 requests per minute. If you try to send more than 20 requests, an error will be triggered. A
6 min read
How did we Found Log4shell on Agorapulse
case-studies
Log4j is a logging framework for Java applications. It is a popular choice for developers looking for a simple and flexible logging solution. However, in the past Log4j has been found to be vulnerable to a number of security threats. The log4j library has recently been found to contain a
5 min read
Uber Breach - Few Security Takeaways
News
On 15 September, UBER acknowledged that it was responding to a “cybersecurity incident” and had contacted law authorities about the hack. An individual claiming to be an 18-year-old hacker claimed credit for the attack. On Thursday night, the attacker reportedly tweeted, “Hi I declare I am a hacker and UBER
5 min read