Next Tuesday, March 13 , 2018, at 5PM GMT you must attend a interesting @Checkmarx webinar by David Sopas. You can understand what Reflected File Download (RFD) is, view a live demonstration of an RFD attack and learn how you can protect your product from the dangers of RFDs. Discovered in 2014 by...
More and more apps are available in Google Play Store allowing to manage your invoices. Some apps are focused on small businesses in order to make quotes or invoices for clients, but other apps are also targeting individuals. For instance in Portugal, the government is encouraging people to ask for...
"GTFO MR. USER" is the talk from the speaker David Sopas at BSidesLisbon 2017. The co-founder of Char49 will present real case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the...
We are proud to annouce that Char49 will be present at BSidesLisbon 2017, next November 9th and 10th. As one of the sponsors we have also some guys "talking about security" and participate on the several activities during those 2 days. BSidesLisbon is the premier technical information security c...
Our Security Ninja Miguel Regala found a vulnerability on drive.google.com. It's a common problem of data exposure, without PII leak, but rarely found in production environment. Google security team gave a quick answer and in a very transparent process the bug was fixed in a short period of time. Mi...
Our team leader found a stored XSS in olx.pt. When submiting a new ad, it was possible to add a XSS payload on data[person]. The ad got approved without reflection on the output of this field, it was sanitized. Afterwards when we try to edit the ad, the payload was launched, so the input wasn't sani...
