33% of websites and webapps are vulnerable to XSS

Cross-site Scripting (XSS) is a much talked-about type of injection vulnerability that occurs on the client side (that is, in a user’s browser). It occurs predominantly through the use of JavaScript, given its prevalence in most browsing experiences. Cross-site Scripting can be classified into four major categories – Stored XSS, Reflected XSS, DOM-based XSS and […]


Pentest Diaries – Negative Transfers and Android eWallets don’t Mix

eWallets, or digital wallets, are becoming ever more popular. Most Android eWallets are apps that allow a user to make electronic transactions, including purchasing items online or in person. Some services even allow an individual’s bank account to be linked to the service. Naturally, breaking the security of such a system is not only interesting, but potentially, […]


Hunting for XXE in Uber using Acunetix AcuMonitor

XML External Entity (XXE) vulnerabilities are attacks in which an attacker abuses an application that parses XML. The attack targets an XML parser that has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely used, typically automatically enabled feature in many XML parsers which […]


In the headlines: LastPass vulnerability, Hillary Leaks, remote code execution vuln on Pornhub, and more

LastPass password manager vulnerability gives hackers your passwords

LastPass is one of the most popular password managers around and can also be added to your browser, allowing you to store and auto-fill all your passwords, using just one master password to access them. So worryingly, a recently discovered zero-day allows attackers to remotely […]
