Hello World | Nullform.sh

We’re Nullform, a security research practice based in Espoo. We spend most of our time poking at web applications and APIs, looking for the kind of bugs that let you do things you shouldn’t be able to.

What goes here

Mostly write-ups of vulnerabilities we’ve disclosed. The vendor always gets time to patch first. When we publish, we try to include enough context that someone else could understand the root cause and learn from it. Reproduction steps, the fix, what made the bug interesting.

Occasionally we’ll write about tools or techniques. No schedule, no cadence. Posts show up when there’s something worth writing about.

If you want to reach us: contact.