New School Hacks: Test Setup for Hacking Roku Channels Written in Brightscript

Hacking Roku Apps aka Channels

We were recently asked by one of our clients (our day job at IncludeSec is hacking software of all types) to take a look at their Roku channel. For those unfamiliar, Roku calls apps for its platform “channels”. We haven’t seen too many Roku channel security reviews and neither has the industry as there isn’t …

Custom Static Analysis Rules Showdown: Brakeman vs. Semgrep

In application assessments you have to do the most effective work you can in the time period defined by the client to maximize the assurance you’re providing. At IncludeSec we’ve done a couple of innovative things to improve the overall effectiveness of the work we do, and we’re always on the hunt for more ways to …

Introducing: SafeURL – A set of SSRF Protection Libraries

Note: The SafeURL libraries are no longer maintained and we recommend considering other SSRF mitigation approaches alongside application-layer SSRF protection libraries. See our 2023 blog post for more details. At Include Security, we believe that a reactive approach to security can fall short when it’s not backed by proactive roots. We see new offensive tools …