Cyber Security Research

Read the latest security research from the white hat hacking team at Intruder
All
Vulnerability Scanning
Prototype pollution bugs have been a feature in many CTFs in recent years, and real-world examples in open-source applications have led to impactful exploits such as remote code execution and denial-of-service. The discovery of these bugs has long relied on access to source code, with no safe black-box detection techniques being widely used.
Latest

Detecting Server-Side Prototype Pollution

Prototype pollution bugs have been a feature in many CTFs in recent years, and real-world examples in open-source applications have led to impactful exploits such as remote code execution and denial-of-service. The discovery of these bugs has long relied on access to source code, with no safe black-box detection techniques being widely used.
February 15, 2023
Daniel Thatcher
GUIDs (often called UUIDs) are widely used in modern web applications. However, seemingly very few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one.
Latest

In GUID We Trust

GUIDs (often called UUIDs) are widely used in modern web applications. However, seemingly very few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one.
October 11, 2022
Daniel Thatcher
Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...
Latest

Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond

Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...
November 10, 2021
Daniel Thatcher
No items found.
No items found.
No items found.

Ready to get started with your 14-day trial?

try for free
Solutions
Developers
SME's
Enterprise
Comparisons
Intruder vs Acunetix
Intruder vs Qualys
Intruder vs Rapid7
Intruder vs Netsparker (Invicti)
Intruder vs Detectify
Intruder vs Pentest-Tools.com
Solutions
Developers
SME's
Enterprise
Comparisons
Intruder vs Acunetix
Intruder vs Qualys
Intruder vs Rapid7
Intruder vs Netsparker (Invicti)
Intruder vs Detectify
Intruder vs Pentest-tools.com
Resources
Developer Hub
Help Centre
Blog
Guides
Success Stories
Research
Webinars
Company
About Us
Contact
Become a partner
Careers
Use Cases
Automated Penetration testing
Cloud Vulnerability Scanner
Network Vulnerability Scanner
External Vulnerability Scanner
Internal Vulnerability Scanner
Website Security Scanner
Compliance
SOC 2
ISO 27001
PCI DSS
Resources
Developer Hub
Help Centre
Blog
Guides
Success Stories
Research
Webinars
Company
About Us
Contact
Become a partner
Careers (We're hiring!)
email us
Intruder | An Effortless Vulnerability Scanner
email us
Intruder | An Effortless Vulnerability Scanner
© 2023 Intruder Systems Ltd
Status
Terms & Conditions
Privacy Policy
Security
Sitemap
Registered in England, VAT Number GB228985360. Intruder is a trading name of Intruder Systems Ltd, Company Registration Number 09529593.