Tag : Cross Site Scripting

spear phishing attacks

Beware of Spear Phishing

Nov 28, 2016 By Paul Curran | For malicious parties hoping to capitalize on the frantic frenzy of online purchasing, both the prevalence of email marketing and popularity of mobile purchasing pose significant threats.   The promise of incredible deals via email marketing campaigns presents the perfect attack vector for malicious parties to prey on unsuspecting shoppers.

</Read More>
xss-phishing-2

Everyone Talks About Phishing, But No One Blames XSS

Apr 26, 2016 By Paul Curran | Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources.
 

</Read More>
Application Security

Eye Of The Hacker: Analyzing Today’s Top Application Security Solutions

Aug 20, 2015 By Sharon Solomon | Rafay Baloch takes no prisoners when it comes to exposing vulnerabilities. An ethical hacker since the young age of 14, Baloch is now known within InfoSec circles as a seasoned security expert. His ever-growing list of “victims” includes leading platforms such as Android, Google, PayPal and Nokia, with the former earning him worldwide acclaim.

</Read More>
Code Injections

5 Deadly Code Injections That Can Obliterate Your Application

May 13, 2015 By Sharon Solomon | Cybercrime has evolved significantly over the years. While initially based mainly on social engineering and phishing, hackers today implement a wide range of techniques to exploit vulnerable applications with porous code. Code injections have arguably become the weapons of choice for hackers and are constantly being used to perform high-profile hackings worldwide.     

</Read More>
Ali Express

The AliExpress XSS Hacking Explained

Mar 24, 2015 By Sharon Solomon | This post was originally published on the AppSec-Labs blog.   As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate on it in the following post.   A few months ago, I purchased some items from AliExpress. After the purchase, I sent a message to the seller in order to ask him a question regarding the items. From my experience as an application security expert at AppSec Labs, I had suspected that it might be vulnerable to a certain security breach, and so I started to investigate the issue locally without harming the system or its users.  

</Read More>
iStock_000031987780Small

US-CERT Releases InfoSec Guidelines For 2014 Winter Olympics

Feb 05, 2014 By Sharon Solomon | The 2014 Winter Olympic Games begin on February 6 in Sochi, Russia. While always a spectacular and festive event, the technological aspect brings in numerous Information Security issues. The United States Computer Emergency Readiness Team (Department of Homeland Security) has released a formal advisory ahead of the Sochi Games.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.