Microsoft Exchange finds itself being updated repeatedly in a short span after the January discovery of suspect activity from a reportedly Chinese APT. Several CVEs have been documented, including the use of a Server-Side Request Forgery (SSRF) vulnerability. New scripts are publicly available that can be used to…
Given the choice of having IDOR or BOLA, which do you think is preferred? The correlation with Ebola Virus Disease aside, it should be noted that IDOR and BOLA are one and the same. IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) are abbreviations reserved for manipulating object IDs via APIs…