From the file system to web services, permissions allow an owner of a resource to determine who has access to what within their domain. Today we’re going to talk about the former which is file system access control. We’ve been filing a number of bugs recently that are related to…

Injection attack can manifest themselves in many different ways within your application. You’ve probably heard stories of SQL injection, a far too common issue in web applications or RCE (Remote Code Execution), which actually refers to memory corruption and executing arbitrary code…

Just a quick clarification to make as these should really be called “Bug Weeksly” as we probably won’t be pushing them out every single week, but every couple to few weeks to maintain quality content. But as Weeksly doesn’t quite roll of the tongue (and further isn’t even a…

If your code uses libraries that you didn’t write and you don’t own, you inherit that code’s risks. It’s bugs become your bugs. You have extended your attack surface from what it was to what it is now with these new additional lines.

Here at Block Audit, we’re all about finding and fixing those security bugs. They can often crop up in the oddest places and knowing which components of your application are the most risky can lead to some rather important, yet unexpected discoveries (or expected discoveries in the case…