Skip to content

We talk to you about

Data Privacy & Security

We talk to you about

Data Privacy & Security

Our last posts

Our last posts

Mitigating CVE-2019-11358 in old versions of jQuery

A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0.The SNYK website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link : https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What I find interesting is the fact that no patch has been made available for older versions - the argument of ...

Implementing a CAA Record

It has been a while since tools like Qualys’ SSLLabs and testssl.sh are reporting on the usage of CAA records. So anyone caring about the quality and security of their SSL connection will probably have noticed its existence by now. But what is it for and how do you configure it? In short: using a (DNS) CAA record you can specify which Certificate Authorities are allowed to issue certificates for your domain names. Because a lot ...

Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)

At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we'd like to discuss in this post for future reference and to better understand the issue. Many people think the security of WordPress is bad to begin with and they might also think ...

Data Privacy

Security

Scroll To Top