The term JSON injection may be used to describe two primary types of security issues: Server-side JSON injection happens when data from an untrusted source is not sanitized by the server and written directly to a JSON stream. Client-side JSON injection happens when data from…
What Is Session Fixation
Session fixation is a web attack technique. The attacker tricks the user into using a specific session ID. After the user logs in to the web application using the provided session ID, the attacker uses this valid session ID to gain access to the user’s…
How I Found an XSS in Google using Acunetix
I’m an independent security researcher and make my living mostly by cashing in on bounties. I use a lot of manual tools but I also find Acunetix very useful. Recently, I found out that Acunetix can even help me find a vulnerability in Google. Here…
What Is Cross-Frame Scripting (XFS)
Cross-Frame Scripting is a web attack technique that exploits specific browser bugs to eavesdrop on the user through JavaScript. This type of attack requires social engineering and completely depends on the browser selected by the user, therefore it is perceived as a minor web application…
Mobile App Security – Don’t Forget the APIs!
Every year more and more consumers use mobile devices to access online services. This means that every service business, and not only in the case of B2C but also B2B services, must cater to the needs of mobile device owners. However, mobile device users prefer…
What Is Privilege Escalation and How It Relates to Web Security
Privilege escalation, in simple words, means getting privileges to access something that should not be accessible. Attackers use various privilege escalation techniques to access unauthorized resources. For web application security, privilege escalation is an important concern because web intrusions are usually only the first stage…
How Does IoT Security Relate to Web Security
Smart devices, which are part of the IoT ecosystem (Internet of Things), are not only increasingly prevalent at homes. They also find their way into businesses of all sizes including enterprises. Unfortunately, the cybersecurity of IoT devices leaves a lot to be desired and is…
White paper: The Future Is the Web! How to Keep It Secure?
The web is everywhere and it’s not an exaggeration. More and more application manufacturers move from dedicated desktop interfaces to web interfaces. You are probably using a web-based email system. Chances are that you are creating your documents using a web platform. If you develop…
What Is SEO Poisoning (Search Engine Poisoning)
Search engine optimization poisoning (SEO poisoning) is a term used to describe two types of activities: Illegitimate techniques used to achieve high search engine ranking, usually (but not only) to attack visitors Exploiting vulnerabilities on existing high-ranking web pages and using them to spread malware…