Sonar Research (@sonar_research) 's Twitter Profile
Sonar Research

@sonar_research

Cutting-edge security research by @SonarSource to educate the world about code security across all software.

We're also at @[email protected] 🦣

ID: 734164442997501952

Link: https://www.sonarsource.com/blog/tag/security/ | Joined: 21-05-2016 23:30:18

1.1K Tweets

10.10K Followers

7 Following

What a year! We look back and summarize our security research highlights of 2024: 🪲 Vulnerabilities in Jenkins, SourceForge, Joomla, and much more 🎙️ 7 talks, including DEF CON and Hexacon 🏆 5 nominations and 1 award sonarsource.com/blog/vulnerabi… #research #vulnerability #appsec

📁 Using polyglot file and RXSS to achieve one-click RCE on a Voyager instance. Read more about how SonarQube Cloud detected CVE-2024-55417 in our latest blog post: sonarsource.com/blog/the-taint… #appsec #security #vulnerability

Two weeks ago, our research on SQL Injection via Protocol Smuggling landed 2nd place in PortSwigger Research (@PortSwiggerRes)'s Top 10 Web Hacking Techniques of 2024! 🥈

If you haven't seen it yet or want to chat with our researcher Paul, don't miss his presentation at RuhrSec this Friday:

Beware the Cookie Monster! 🍪 We found a vulnerability in the Cyberhaven browser extension that allowed attackers to steal any cookie from their victim. Learn about the details in our latest blog post: sonarsource.com/blog/beware-th… #appsec #security #vulnerability

🦘🛜 Compromising a bastion host to gain full control over the internal infrastructure. Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post: sonarsource.com/blog/diving-in… #appsec #security #vulnerability

🦘🛜 Our second part of the “Diving Into JumpServer” series is live: Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts: sonarsource.com/blog/diving-in… #appsec #security #vulnerability

📊⚠️ Data in danger! We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post: sonarsource.com/blog/data-in-d… #appsec #security #vulnerability

Ever wondered what's going on behind the scenes of your API client? 🕵️‍♀️ We dug in and found a variety of JS sandboxing pitfalls! Find out how Postman and Insomnia tried to isolate untrusted code and what challenges they faced: sonarsource.com/blog/scripting… #appsec #security

Scripting Outside the Box! 📦 Last week, we saw JS sandboxing pitfalls in API clients. Today, we continue with more complex sandbox escapes in Bruno and Hoppscotch. Learn how they work and how to sandbox JS securely in part 2: sonarsource.com/blog/scripting… #appsec #security

SQL Injection despite using prepared statements? 🧐 Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries: sonarsource.com/blog/double-da… #appsec #security #vulnerability

Coming to #TROOPERS25 this week? We'll be there too, presenting our research!

🎨 Scriptless Attacks: Why CSS is My Favorite Programming Language

pspaul (@pspaul95) will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today

Catch our second talk at #TROOPERS25:

🕸️ Caught in the FortiNet: Compromising Organizations Using Endpoint Protection

Yaniv Nizry (@YNizry) will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click

🕸️🏢Caught in the FortiNet: Exploiting Fortinet’s endpoint protection solution to compromise an entire organization using minimal user interaction. Dive into our technical analysis of this interesting attack scenario: sonarsource.com/blog/caught-in… #appsec #security #vulnerability

📁🫷🚧Can't control the extension of a file upload, but you want an XSS? Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection: sonarsource.com/blog/caught-in… #appsec #vulnerability #bugbountytips

🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” series comes to an end with one more thing. Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS sonarsource.com/blog/caught-in… #appsec #security

📱 Ever wondered what vulnerabilities look like in Android apps? We have 2 real-world examples for you! From simple misconfig to cross-app data flow, learn how vulnerabilities manifest in the Kotlin code of Android apps: sonarsource.com/blog/securing-… #appsec #security #vulnerability

🗒️✍️Taking a note on security: our latest blog post focuses on Go vulnerabilities, including Arbitrary File Write, XSS, and Misconfiguration. Showcasing our new support for the language in SonarQube Cloud! sonarsource.com/blog/securing-… #appsec #security #vulnerability

Using SonarQube to solve a CTF challenge? Done! ✅ Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading: sonarsource.com/blog/code-secu… #appsec #CTF #vulnerability

🔄📦 GitHub Actions offer powerful automation capabilities for CI/CD, but they're not immune to attacks. Take a look at how we tackle this risk with SonarQube Cloud by diving into real-world vulnerabilities. sonarsource.com/blog/securing-… #appsec #security #vulnerability

From bit flip to RCE in Ollama! 🦙 Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally: sonarsource.com/blog/ollama-re… #security #vulnerability #llm #ai