How I could have stolen your photos from Google - my first 3 bug bounty writeups

Gergő Turcsányi

IT security is a huge topic, and until you find your first bug you can’t be sure that you...

Smart Contract Security

Aron Laszka

Blockchain-based platforms are becoming increasingly popular due to their ability to maintain a public distributed ledger, providing reliability, integrity, and...

Secure collaborative infrastructure deployment workflow with Terraform, Vault, and Atlantis

Kristóf Havasi

In one of our recent posts, we wrote about the difficulties of adopting infrastructure automation in a previously static environment....

Secure development with Spring Framework

Ákos Jakab

In the past decade, Spring Framework has become a well-established and prominent web framework for developing Java applications. The most...

The three fatal bugs behind the Facebook breach

Ákos Hajba

The breach was discovered after Facebook saw an unusual spike of user activity that began on September 14, 2018. A...

How to automate your infrastructure with Ansible in a secure way?

Dávid Osztertág

Here at Avatao, we are big believers in infrastructure-as-code, which is a way of automating infrastructure using practices from software...

Make AWS infrastructure more secure with the help of IAM

Bendegúz Ács

The trend to move to the cloud seems unstoppable, and it raises more and more security concerns. AWS can...

How to dive into web-security as a developer

Dániel Szpisják

Great developers possess a wide variety of skills, from technological expertise to product thinking. You need some of these for...

Semancat versioning

Kristóf Tóth

Tackling the versioning pains of a greenfield project with cats. New projects can force us developers to face certain challenges...

Is your company ready for a responsible disclosure policy program?

Judit Szőcs

A company has to be mature enough to implement a responsible disclosure policy – or at least mature enough to...

Security issues to be aware of before moving to the cloud

András Maróy

As more and more infrastructure is moved to cloud datacenters, the services offered by cloud providers have become an obvious...

How to use Git in a secure way

Paul-Emmanuel Raoul

We live in a world where it is hard not to know Git, the most popular Distributed Version Control System...

Using cloud-services, security is your job too

Gábor Pék

Being cloud native won’t save you from external threats if you as a user are not aware of basic security...

Report a vulnerability in a responsible way! Part1

Judit Szőcs

If you have found a vulnerability and you want to act responsibly, discretion is most important. Always remember you have...

Broken Access Control

Márton Németh

Access control, or authorization, is how a web application grants access to resources to some users, and not others. These...

Learn about CSP-based XSS protection

Ákos Hajba

The security model of the web is rooted in the same-origin policy. Each origin is isolated from the rest of the...

Insource instead of outsourcing your cybersecurity operations

Mark Felegyhazi

As the enterprise architecture becomes more and more complex, the task of the Chief Information Security Officer (CISO) becomes overwhelming....

Deep dive into the Equifax breach and the Apache Struts vulnerability

Gergo Turcsanyi

You’ve probably read about the Equifax breach in the NY Times, in Bloomberg or somewhere else. The breach resulted in the...

Learn to build secure software

Gabor Pek

We are writing millions of lines of code every day, but only a few of us take security into...

Interview with Tamás "KT" Koczka from !SpamAndHex

Gabor Pek

We are more than happy to welcome Tamás Koczka (aka “KT”) who is one of the key members of the...

How !SpamAndHex became a top hacker team in the world. The final part.

Gabor Pek

This is the final part of this blog series. If you haven’t already done so, you can read the first...

Three major XSS issues in 2016 (plus an avatao XMaSS challenge)

Gabor Pek

In our previous blog, we gave you a small introduction to Cross-site Scripting (XSS) attacks and added some easy challenges...

Parse your binaries with Kaitai WebIDE

Gabor Pek

Binary analysis starts with the understanding of different file formats. Fortunately, there are several tools (e.g., CFF explorer, FileAlyzer) which...

Interview with Chris Wysopal, CTO of Veracode

Gabor Pek

We are more than happy to welcome Chris Wysopal, (also on Twitter) as the next security expert on our blog....

Interview with Zoltán Balázs, security expert

Mark Felegyhazi

We are more than happy to welcome Zoltán Balázs, (also on Twitter) as the next security expert on our blog....

avataoTools introduces popular security tools

Gabor Pek

One of the most difficult parts in IT security is to get started. There are zillions of interesting topics all...

Interview with the CyKor CTF team

Gabor Pek

The South Korean CTF team CyKor, (also on Facebook) is one of the best CTF teams in the world. Together...

Interview with Charlie Miller, security researcher

Gabor Pek

Charlie Miller, (also on Twitter) is well-known in the security community for his exceptional hacking results. He won the Pwn2Own...

How !SpamAndHex became a top hacker team (part 2)

Gabor Pek

This is the second part of our !SpamAndHex series. You can read the first part here. Everything starts with a...

Interview with Mateusz "j00ru" Jurczyk, securit...

Gabor Pek

We are more than happy to welcome Mateusz Jurczyk (aka “j00ru”), (also on Twitter) as the second security expert on...

Reverse engineering tutorial and challenge

Gabor Pek

So here we are again with your next avatao Tuesday challenge. Today, we are delving a bit into reverse engineering...

Interview with Gabor Molnar, security expert, who co-discovered Rosetta Flash

Gabor Pek

In this new series we talk to security experts on how they started their journey in this exciting field. The...

Your first Avatao Tuesday

Gabor Pek

How to get started in computer security? I think this is the first question that people raise when they are...

How !SpamAndHex became a top hacker team (part 1)

Mark Felegyhazi

Summer had just started in 2011 when Gábor Pék, Buherátor and Bencsáth Boldizsár (aka “Boldi”) decided to do some nice hacking...