Free Webinar “RFD: Still Threatening the Biggest Names on the Web”

Published on

Next Tuesday, March 13 , 2018, at 5PM GMT you must attend a interesting @Checkmarx webinar by David Sopas. You can understand what Reflected File Download (RFD) is, view a live demonstration of an RFD attack and learn how you can protect your product from the dangers of RFDs. Discovered in 2014 by researcher Oren … Continue reading Free Webinar “RFD: Still Threatening the Biggest Names on the Web”

How safe is your tax rebate e-invoice app? Learn how to protect yourself.

Published on

More and more apps are available in Google Play Store allowing to manage your invoices. Some apps are focused on small businesses in order to make quotes or invoices for clients, but other apps are also targeting individuals. For instance in Portugal, the government is encouraging people to ask for invoices when buying products. These … Continue reading How safe is your tax rebate e-invoice app? Learn how to protect yourself.

GTFO Mr. User

Published on

“GTFO MR. USER” is the talk from the speaker David Sopas at BSidesLisbon 2017. The co-founder of Char49 will present real case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the security threats fall into the wrong hands. Additionally, … Continue reading GTFO Mr. User

Char49 at BSidesLisbon 2017

Published on

We are proud to annouce that Char49 will be present at BSidesLisbon 2017, next November 9th and 10th. As one of the sponsors we have also some guys “talking about security” and participate on the several activities during those 2 days. BSidesLisbon is the premier technical information security conference in Portugal and celebrates this year its … Continue reading Char49 at BSidesLisbon 2017

Stored XSS in olx.pt

Published on

Our team leader found a stored XSS in olx.pt. When submiting a new ad, it was possible to add a XSS payload on data[person]. The ad got approved without reflection on the output of this field, it was sanitized. Afterwards when we try to edit the ad, the payload was launched, so the input wasn’t sanitized when added … Continue reading Stored XSS in olx.pt

We got Adobe XSSed

Published on

When our security team leader started his path on HackerOne he started with Adobe bug bounty program. David already was present on their Security Acknowledgements list (2013) but he wanted to get a big company on his HackerOne profile so after a while he found a Reflected XSS (CWE-79) on their website. You may notice that … Continue reading We got Adobe XSSed

Can you write a great vulnerability report?

Published on

David Sopas is the security team leader at Char49 and he is sharing great tips at Cobalt’s Blog on how writing great vulnerability reports can have a huge impact in your bug bounties career. The article covers best practices on preparation, writing and also tools used. Go check it out.