Securing https://www.securing.pl/en/ Mon, 09 Jun 2025 12:22:37 +0000 en-US hourly 1 https://www.securing.pl/wp-content/uploads/2020/09/favicon.png Securing https://www.securing.pl/en/ 32 32 Next.js-based Application Security Insights https://www.securing.pl/en/next-js-based-application-security-insights/ Fri, 06 Jun 2025 12:42:02 +0000 https://www.securing.pl/?p=16922 Next.js can be an interesting choice when building your new full-stack application. What should you keep in mind when doing so from the security perspective? In this article, I will highlight common mistakes that may occur when writing code with Next.js framework. Moreover, you will find out how I discovered CVE-2023-48309 in the NextAuth.js, Next.js-compatible authentication library.

The post Next.js-based Application Security Insights appeared first on Securing.

]]> Threats to consider when integrating Digital ID solutions into your organization https://www.securing.pl/en/threats-to-consider-when-integrating-digital-id-solutions-into-your-organization/ Tue, 03 Jun 2025 09:27:51 +0000 https://www.securing.pl/?p=16805 This article aims to help you gain a better understanding of the threat surface associated with integrating Digital ID solutions into your organization.

The post Threats to consider when integrating Digital ID solutions into your organization appeared first on Securing.

]]> Red Team stories – Bypassing RFID-based access control systems https://www.securing.pl/en/bypassing-rfid-based-access-control-systems/ Wed, 14 May 2025 07:02:07 +0000 https://www.securing.pl/?p=16390 During our Red Team physical security tests, we frequently encounter RFID-based access control systems that are surprisingly easy to bypass. From cloning cards to exploiting misconfigurations, these real-world cases reveal how attackers can move from lobby to server room unnoticed.

The post Red Team stories – Bypassing RFID-based access control systems appeared first on Securing.

]]> Which IAM SaaS architecture is for you – exploring IAM architectures in Software-as-a-Service solutions https://www.securing.pl/en/which-iam-saas-architecture-is-for-you-exploring-iam-architectures-in-software-as-a-service-solutions/ Tue, 13 May 2025 09:52:30 +0000 https://www.securing.pl/?p=16703 An in-depth exploration of common Software-as-a-Service (SaaS) architectures from the perspective of Identity and Access Management (IAM), including a comprehensive threat model focused on multitenancy.

The post Which IAM SaaS architecture is for you – exploring IAM architectures in Software-as-a-Service solutions appeared first on Securing.

]]> Public clouds are secure by default… but not necessarily in your case https://www.securing.pl/en/public-clouds-are-secure-by-default-but-not-necessarily-in-your-case/ Thu, 17 Apr 2025 15:34:09 +0000 https://www.securing.pl/?p=15606 Is it true that the public cloud is not secure by default? In this article, we will discuss the security of individual public cloud services considering the broader context.

The post Public clouds are secure by default… but not necessarily in your case appeared first on Securing.

]]> How we helped secure Poland’s digital ID system – technical analysis https://www.securing.pl/en/how-we-helped-secure-polands-digital-id-system-technical-analysis/ Fri, 11 Apr 2025 08:36:17 +0000 https://www.securing.pl/?p=15436 With the advent of the eIDAS regulation, all EU member states are mandated to create a digital ID solution. This article showcases technical details of our research on Poland’s digital ID system and uncovers critical vulnerabilities that we’ve found.

The post How we helped secure Poland’s digital ID system – technical analysis appeared first on Securing.

]]> Threat-Led Penetration Testing (TLPT) – How to be DORA compliant in 2025? https://www.securing.pl/en/threat-led-penetration-testing-tlpt-how-to-be-dora-compliant-in-2025/ Fri, 28 Feb 2025 07:59:41 +0000 https://www.securing.pl/?p=15048 The Digital Operational Resilience Act (DORA), coming into effect in January 2025, imposes new cyber-resilience obligations on financial institutions in the European Union.

The post Threat-Led Penetration Testing (TLPT) – How to be DORA compliant in 2025? appeared first on Securing.

]]> CVE-2025-26788: Passkey Authentication Bypass in StrongKey FIDO Server https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/ Fri, 14 Feb 2025 12:10:30 +0000 https://www.securing.pl/?p=14906 A vulnerability in the StrongKey FIDO Server Non-Discoverable Credential Authentication flow allowed to take over an account of any user.

The post CVE-2025-26788: Passkey Authentication Bypass in StrongKey FIDO Server appeared first on Securing.

]]> The year in review: The most interesting Single Sign-On vulnerabilities of 2024 https://www.securing.pl/en/the-year-in-review-the-most-interesting-single-sign-on-vulnerabilities-of-2024/ Mon, 27 Jan 2025 11:52:01 +0000 https://www.securing.pl/?p=14721 Check out a summary of 2024’s most interesting Single Sign-On vulnerabilities, and make sure your company is not vulnerable to last year’s security misconfigurations.

The post The year in review: The most interesting Single Sign-On vulnerabilities of 2024 appeared first on Securing.

]]> CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/ Tue, 07 Jan 2025 14:14:06 +0000 https://www.securing.pl/?p=14135 Due to the improper neutralization of the user-controllable input before it is passed for the execution, an unauthenticated attacker can send a payload that is executed on the Aviatrix Network Controller.

The post CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability appeared first on Securing.

]]>