Tuned by world-class offensive security experts, our AI agent, Takumi, uncovers critical vulnerabilities within your codebase that other tools miss, such as business logic bugs and broken authorizations. This allows you to receive actionable alerts with minimal false positives and focus on what truly matters.| GMO Flatt Security
Our Tokyo-based team of world-class security experts, supercharged by advanced AI, delivers penetration testing. We find the critical vulnerabilities in your complex Web, Cloud, and AI applications that others can't.| GMO Flatt Security
GMO Flatt Security, based in Tokyo, offers expert security assessments and penetration testing for software. Our seasoned professionals deliver proven, top-tier services. We also provide tools to help you internalize those security practices.| GMO Flatt Security
A security assessment method that searches, within a fixed period, for the vulnerabilities that carry the highest possible business risk. Taking the application's specifications and similar factors into account, we prioritize the areas most likely to contain high-severity vulnerabilities and assess those first. Although the assessment items are not exhaustive, this approach can surface risks across the whole target even when the scope is large.| GMO Flatt Security
Flatt Security marks the fifth anniversary of its founding in 2024. Representative Director and CEO Koki Ide (井手康貴) talks about "the five years Flatt Security has walked" and "what we aim for next".| #FlattSecurityMagazine
Introduction Hello, I'm RyotaK (@ryotkak), a security engineer at Flatt Security Inc. Recently, @slonser_ found a bypass in DOMPurify when it's used to sanitize XML documents. After taking a look at the patch, I found two more XML/HTML confusion bypasses, so I'm documenting them here. HTML != XML As @slonser_ wrote in his post, HTML and XML have slightly different parsing rules. For example, the following text is parsed as a single node by the XML parser, but the HTML parser recogni...| Flatt Security Research
Preface Hi, I'm stypr (@stereotype32) from Flatt Security Inc. Last year, I wrote a blog post with technical explanations of 0-days found in Japanese OSS products. I have found a lot of vulnerabilities in various products since then. Unfortunately, most of the bugs I found did not get fixed right away, so I did not get a chance to share some of the exciting vulnerabilities I found until today. This article will explain how I found various vulnerabilities and chained some of the vulnerabilities ...| Flatt Security Research
TL;DR It was found that unexpected behaviors in the query escape function could cause a SQL injection in mysqljs/mysql (https://github.com/mysqljs/mysql), which is one of the most popular MySQL packages in the Node.js ecosystem. Typically, query escape functions or placeholders are known to prevent SQL injection. However, mysqljs/mysql is known to use different escape methods for different value types, and this could eventually cause unexpected behaviors when the attacker passes the par...| Flatt Security Research
Note: This is just an English version of the previous post. Hello, I'm Shiga (@Ga_ryo_), a security engineer at Flatt Security Inc. In this article, I would like to give you a technical description of CVE-2020-15702, which was published recently. I discovered this vulnerability and reported it to the vendor via the Zero Day Initiative. This article is not intended to inform you of the dangers of vulnerabilities, but to share tips from a technical point of view.| Flatt Security Research
KENRO (ケンロー) is a learning platform for developers that teaches, in a systematic way, the security techniques needed for web development.| flatt.tech