
Weak Password Vulnerability: More Common than You Think

The weakest link. Imagine, just for a minute, that your web server infrastructure was a castle which you spent lots of time and resources fortifying. You built high walls, watch towers, retracting bridges, moats, solid iron bars across the windows, …


Persistent Cross-Site Scripting

A Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but …


The ROI of Protecting Against Cross-Site Scripting

The ways in which your organization can be damaged by cross-site scripting (XSS) attacks are endless. Apart from the damage it can cause on its own, successful cross-site scripting can be used as a platform for delivering even more devastating …


Non-Persistent Cross-Site Scripting

Non-Persistent cross-site scripting (XSS), also known as Reflected XSS, is one of the three major categories of XSS attacks, the others being Persistent (or Stored) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s browser trust …


ClickJacking and Blind XSS

What you see is NOT what you get! In essence, ClickJacking (or UI redressing) is a technique used by attackers to trick users into clicking on malicious web pages that they wouldn’t have accessed otherwise, by overlaying them on apparently …


Universal Cross-Site Scripting (UXSS): The Making of a Vulnerability

What is Universal Cross-Site Scripting (UXSS)? Common cross-site scripting (XSS) attacks target websites or web applications that are vulnerable to XSS because of inadequate development of client-side or server-side code. These attacks have the vulnerable web page as their main prerequisite, …


Communicating with Management about Web Security, Part 3 – Getting and Keeping Your Message Out There

We’ve all seen it. Apathy and disinterest are the name of the game with web security until a business deal is threatened, a data breach occurs, or an auditor reports something negative to the board and management is called on …


Top Targets of Blind XSS

Web-based security threats are a popular topic and you can easily find related information, including on cross-site scripting and one of its important flavors, Blind XSS. However, although this information is usually delivered at a high level of detail, the …


Communicating with Management about Web Security, Part 2 – Prioritization and Sending the Right Message

Have you ever noticed that many people aren’t motivated to do things until there’s a pressing need that’s often personal in nature? It’s the way the world works. In fact, the fear of loss and the desire for gain are …


7 Sure-fire Ways to Get Your Website Hacked

Hackers exploit vulnerable systems – and unprepared individuals – to access trade and commercial secrets, damage or gain control of national assets of strategic importance, publicly embarrass top brands, and wreak general havoc with considerable financial, social and economic repercussions. …