Denis Makrushin

Application Security: Champions Program (HITB2021)

by Denis Makrushin July 19, 2021

To properly implement a product maturity program, organizations need to embed and grow security expertise. Cultivation of application security champions requires the right pivot point in the following topic: application bug hunting and mitigation strategy.

July 19, 2021

Blog

New Prototype Pollution vulnerabilities in npm package

by Denis Makrushin June 29, 2021

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28450

We discovered two more JS Prototype Pollution vulnerabilities in one more nmp-package: CVE-2020-28449, CVE-2020-28450. The package has ~200 weekly downloads, so the popularity level is limited. However, due to the patch is still unavailable check the details and make sure that your Node.js app is not affected.

June 29, 2021

Blog

Bug Hunting Village Summary

by Denis Makrushin June 7, 2021

Quick summary of Bug Hunting Village, the first time we organized offline:

12 talks and workshops focused on vulnerability research and bug bounty;
highest payouts during two days of conference by our partners (thanks to Mail.ru Group, VK.com, Азбука Вкуса, Avito, iSimpleLab);
prizes for most active bug hunters (thanks to PHDays organizers and Timur Yunusov);
communication in our Chat and knowledge sharing in Telegram-channel, and continuous movement to the next offline event.

June 7, 2021

Load More Posts