ClickJacking and Blind XSS

What you see is NOT what you get! In essence, ClickJacking (or UI redressing) is a technique used by attackers to trick users into clicking on malicious web pages that they wouldn’t have accessed otherwise, by overlaying them on apparently legitimate web pages and hiding them from sight. When ClickJacking is successful, it can have […]

Read More →

Universal Cross-site Scripting (UXSS): The Making of a Vulnerability

What is Universal Cross-site Scripting (UXSS)? Common cross-site scripting (XSS) attacks target websites or web applications that are vulnerable to XSS, because of inadequate development of client-side or server-side code. These attacks have the vulnerable web page as main prerequisite, and their effect is always revolving around the user session on the vulnerable web page […]

Read More →

Top Targets of Blind XSS

Web-based security threats are a popular topic and you can easily find related information, including on cross-site scripting and one of its important flavors, Blind XSS. However, although this information is usually delivered at a high level of detail, the description of the possible targets of such an attack is quite slim and commonly refers […]

Read More →

The Chronicles of DOM-based XSS

A brief overview of DOM-based XSS DOM-based XSS is a form of cross-site-scripting attack in which an attacker executes an attack vector through the modification of the browser’s Document Object Model (DOM) environment. Unlike stored (persistent) or reflected XSS variants, DOM-based XSS does not involve the attack payload being placed in the server response. As […]

Read More →

Cross-Site Scripting in HTTP Headers

What is XSS in HTTP Headers and How is it Different when Compared to Other XSS Attacks? When looking at various types of XSS attacks, we can easily identify the common pattern – it revolves around injecting malicious code into various areas of the HTML pages to be rendered, so that the code gets executed […]

Read More →

Insider Threats: Dealing with the Enemy Inside

For companies, threats come from two sources—outside the organization and inside (reads: disgruntled, unethical employees). Insider threats can be very difficult to handle and the number of annual incidents is on the rise. The insider threat can come in several forms: Employees who steal intellectual property Unhappy IT professionals who damage data and systems Professionals […]

Read More →