Danger: Open Ports – Trojan is as Trojan does

Open ports are the doorways to your secure perimeter. Behind open ports, there are applications and services listening for inbound packets, waiting for connections from the outside, in order to perform their jobs. Security best practices imply the use of …

Ways to Keep your Developers Interested in Web Security

Working in IT over the past couple of decades I’ve witnessed the good, the bad, and the downright ridiculous when it comes to the way software developers are treated by management. Seeing what I’ve seen, and having been in those …

Elaborate Ways to Exploit XSS: XSS Proxies

In his book “Web Application Vulnerabilities: Detect, Exploit, Prevent”, Steve Palmer describes XSS Proxies as cross-site scripting exploitation tools that allow attackers to temporarily take control over the victim’s browser. XSS Proxy functions as a web server which takes commands …

CSRF and XSS – Brothers in Arms

What is CSRF (XSRF)? Cross-Site Request Forgery is a type of web attack which exploits the trust of a website in the user’s browser. In essence, the attacker manipulates the victim’s browser to send requests in the user’s name to …

Elaborate Ways to Exploit XSS: Flash Parameter Injection

Common cross-site scripting (XSS) attacks rely on the injection of malicious code (usually JavaScript) in HTML pages, HTML headers or page DOM. There are, however, ways of injecting malicious code in less likely, very popular and innocent-looking places, such as …

Weak Password Vulnerability: More Common than You Think

The weakest link: Imagine, just for a minute, that your web server infrastructure was a castle which you spent lots of time and resources fortifying. You built high walls, watch towers, retracting bridges, moats, solid iron bars across the windows, …

Persistent Cross-Site Scripting

Persistent XSS (or Stored XSS) is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but …

The ROI of Protecting Against Cross-Site Scripting

The ways in which your organization can be damaged by cross-site scripting (XSS) attacks are endless. Apart from the damage it can cause on its own, successful cross-site scripting can be used as a platform for delivering even more devastating …

Non-Persistent Cross-Site Scripting

Non-Persistent cross-site scripting (XSS), also known as Reflected XSS, is one of the three major categories of XSS attacks, the others being Persistent (or Stored) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s browser trust …