Dawid Czagan

Dawid Czagan (@dawidczagan) has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, BlackBerry and other companies. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid is founder and CEO at Silesia Security Lab, which delivers specialized security auditing services with a results-driven approach. He also works as Security Architect at Future Processing.

Dawid shares his bug hunting experience in his workshop entitled “Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more”. To find out about the latest in Dawid’s work, you are invited to visit his blog (https://silesiasecuritylab.com/blog) and follow him on Twitter (@dawidczagan).

General security May 19, 2021 Dawid Czagan

Quantitative risk analysis [updated 2021]

Utilizing a quantitative risk analysis is an integral part of security and ensuring a positive cost and benefit.

General security August 10, 2020 Dawid Czagan

Securing cookies with httponly and secure flags [updated 2020]

Securing cookies is an important subject. Think about an authentication cookie. When the attacker is able to grab this cookie, he can impersonate the user....

General security September 1, 2019 Dawid Czagan

Non-repudiation and digital signature [updated 2018]

The digital certificate is a critical component of a public key infrastructure. It is an electronic document that associates the individual identity of a...

Cryptography April 23, 2015 Dawid Czagan

Tunneling, Crypto and VPNs

1. Introduction The idea of Virtual Private Network (VPN) is to simulate a private network over a public network. A VPN tunnel can be used to securely connect...

Hacking April 20, 2015 Dawid Czagan

Bypassing Packet Filters with IP Fragmentation Overlapping

1. Introduction The process of IP fragmentation occurs when the data of the network layer is too large to be transmitted over the data link layer in one piece....

Vulnerabilities January 8, 2015 Dawid Czagan

HTTPS and mixed content vulnerability

HTTPS is used to make communication between the server and the browser secure. However, a problem occurs when an HTTPS page loads HTTP content: this is called...

General security August 11, 2014 Dawid Czagan

Cookies with Secure Flag: Undesired Behavior in Modern Browsers

Introduction When a cookie has secure flag set, it will only be sent over secure HTTPS, which is HTTP over SSL/TLS. This way, the authentication cookie will...

Management, compliance & auditing May 27, 2014 Dawid Czagan

Effective Risk Reduction

1. Introduction Risk reduction is often associated with prevention only. Effective security, however, also needs detection and response. Those three (prevention,...

Management, compliance & auditing May 21, 2014 Dawid Czagan

Qualitative risk analysis with the DREAD model

This article introduces two types of risk analysis (quantitative, qualitative) and presents how to perform qualitative risk analysis with the DREAD model. Finally,...

Application security April 7, 2014 Dawid Czagan

Cookies with HttpOnly Flag: Problem in Some Browsers

1. Introduction When a cookie has HttpOnly flag set, then JavaScript cannot read it in case of XSS exploitation. This is actually the reason why HttpOnly flag...

1
2
3
›