Website Evidence Collector Logo

Website Evidence Collector

By Isabel Barbera & Martijn Korse / 14th March 2020

The European Data Protection Supervisor (EDPS) has published a tool that can be used to inspect a website and report which cookies and related technologies are being used. It’s called the Website Evidence Collector, it’s open source and published under the European Union Public License. If you own / maintain a website, it can be…

Read More
Shodan Postman Collection

Shodan Postman Collection

By Martijn Korse / 18th December 2019

The Christmas holidays are coming and to those of you who feel like doing something adventurous: there is now a new way to visit the dark caverns of the internet. We created an exciting combination of two existing services that make this trip possible: A Postman collection of all the currently available Shodan API calls.…

Read More
jquery prototype pollution

Mitigating CVE-2019-11358 in old versions of jQuery

By Martijn Korse / 2nd August 2019

A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0.The SNYK website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link : https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What…

Read More
dns caa record

Implementing a CAA Record

By Martijn Korse / 3rd March 2019

It has been a while since tools like Qualys’ SSLLabs and testssl.sh are reporting on the usage of CAA records. So anyone caring about the quality and security of their SSL connection will probably have noticed its existence by now. But what is it for and how do you configure it? In short: using a…

Read More

Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)

By Martijn Korse / 24th January 2019

At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we’d like to discuss in this post for future reference and to better…

Read More

We prevented a sign-in attempt

By Martijn Korse / 13th July 2018

Last weekend, almost exactly between April Fools’ Day and Halloween, Google played a prank and scared us! If you have used Gmail on different devices, you probably know the kind of message you get when you log in from a different device. Additionally, you might be presented with a security question if Google doesn’t trust…

Read More
Website Evidence Collector Logo

Website Evidence Collector

The European Data Protection Supervisor (EDPS) has published a tool that can be used to inspect a website and report which cookies and related technologies are being used. It’s called the Website Evidence Collector, it’s open source and published under the European Union Public License. If you own / maintain a website, it can be…

Read More...
Shodan Postman Collection

Shodan Postman Collection

The Christmas holidays are coming and to those of you who feel like doing something adventurous: there is now a new way to visit the dark caverns of the internet. We created an exciting combination of two existing services that make this trip possible: A Postman collection of all the currently available Shodan API calls….

Read More...
jquery prototype pollution

Mitigating CVE-2019-11358 in old versions of jQuery

A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0.The SNYK website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link : https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What…

Read More...
dns caa record

Implementing a CAA Record

It has been a while since tools like Qualys’ SSLLabs and testssl.sh are reporting on the usage of CAA records. So anyone caring about the quality and security of their SSL connection will probably have noticed its existence by now. But what is it for and how do you configure it? In short: using a…

Read More...

Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)

At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we’d like to discuss in this post for future reference and to better…

Read More...

We prevented a sign-in attempt

Last weekend, almost exactly between April Fools’ Day and Halloween, Google played a prank and scared us! If you have used Gmail on different devices, you probably know the kind of message you get when you log in from a different device. Additionally, you might be presented with a security question if Google doesn’t trust…

Read More...