At Conviso, we believe that knowledge is more potent when it’s shared. Our Code Fighters Lab is composed by our Research and Development Team – Information Security Analysts dedicated to continuously studying Application Security, striving to promote relevant information for the AppSec community.
We are truly inspired by the ideal of AppSec as a culture. That’s why our professionals work daily to find new, innovative solutions to security challenges – to then share their findings and collaborate with the community.
Conviso Code Fighters
Researching, Sharing, and Innovating
Our most popular studies, findings, and analysis
CVE: 2021–3311 October CMS Token Reactivation
Many bounties and many pieces of researches emerge just by looking at the right amount of code at the right path number and them BOOM!
A case study on: CVE-2021-22204 – Exiftool RCE
Recently, the researcher wcbowling found a vulnerability in the Exiftool tool, that enabled a malicious actor to perform a Remote code Execution attack.
CVE-2022-21831: Overview of the security issues we found in Rails’s image processing API
During a security auditing of the Ruby on Rails source and its dependencies, we discovered two ways to exploit ActiveStorage’s image…
Why are nonces important on CTR mode ciphers
This article: “Why are nonces important on CTR mode ciphers” was written 3 years ago, and is available again on our blog.
Bank malware mitigations
Malware (Bank malware mitigations) is the name for a program designed to mistreat its users.
Veracode API: Getting things done with AWS Lambda and AWS API Gateway
Every day at Conviso both dev and sre teams are working together facing challenges to make Conviso Platform a more complete solution.