Include Security
includesecurity.bsky.social
Our recent post explores the unpredictability of Java garbage collection and the implications that has for secrets in code.

blog.includesecurity.com/2025/11/immu...
Immutable Strings in Java - Are Your Secrets Still Safe? - Include Security Research Blog
Java programmers might not be aware their secrets could be floating around in system memory long after it's assumed those secrets have been removed. The problem is a combination of immutability and ga...
blog.includesecurity.com
November 11, 2025 at 7:16 PM
In our latest post we look under the hood of a professional-grade audio mixer to explore its security profile and consider how vulnerabilities could be leveraged by an attacker in a real-world setting.

blog.includesecurity.com/2025/10/prod...
Production Security, Not That Kind - Include Security Research Blog
The Include Security team takes a foray into the world of audio production equipment in our latest blog post. We look under the hood of a professional-grade audio mixer to explore its security profile...
blog.includesecurity.com
October 3, 2025 at 7:50 PM
Developers should consider how implementing LLMs into an application affects its attack surface. Likewise, pentesters assessing those applications should scope the test with that attack surface in mind. Our latest post covers both perspectives!

blog.includesecurity.com/2025/07/llms...
LLMs in Applications - Understanding and Scoping Attack Surface - Include Security Research Blog
In this post we consider how to think about the attack surface of applications leveraging LLMs and how that impacts the scoping process when assessing those applications. We discuss why scoping matter...
blog.includesecurity.com
July 17, 2025 at 7:12 PM
Our most recent post covers various ways pentest reports are misinterpreted, including why findings aren't a sign of failure and why "clean" reports may not indicate a good security posture.

blog.includesecurity.com/2025/05/misi...
Misinterpreted: What Penetration Test Reports Actually Mean - Include Security Research Blog
This month's post discusses pentest reports and how the various audiences that consume them sometimes misinterpret what they mean. We cover why findings in a report are not a sign of failure, why "cle...
blog.includesecurity.com
May 28, 2025 at 6:43 PM
Do you use WebSockets? Read our latest blog post to find out how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking.

blog.includesecurity.com/2025/04/cros...
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private N...
blog.includesecurity.com
April 17, 2025 at 7:59 PM
Today our team at IncludeSec is releasing a small website to help those concerned with key collisions. This easy site allows you to check if your private keys have been found to be public!

ismyprivatekeypublic.com

Please pass along to your industry colleagues who might need such a site today 💓 🦾
Key Review Portal
ismyprivatekeypublic.com
April 1, 2025 at 6:00 PM
Hi all, check out our latest blog post on Delphi memory corruption vulnerabilities!

blog.includesecurity.com/2025/03/memo...

We cover how compiler flags and dangerous system library routines could affect memory safety while demonstrating Delphi stack/heap-based overflow examples.
Memory Corruption in Delphi - Include Security Research Blog
In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe" la...
blog.includesecurity.com
March 13, 2025 at 8:34 PM