Cross Site Scriptingcyber mondayphishingXSS Beware of Spear Phishing Nov 28, 2016 by Paul Curran For malicious parties hoping to capitalize on the frantic frenzy of online purchasing, both the prevalence of email marketing and popularity of mobile purchasing pose significant threats. The promise of incredible deals via email marketing campaigns presents the perfect attack vector for malicious parties to prey on unsuspecting shoppers. Read More › Cross Site Scriptingcyber mondayphishingXSS
Application SecurityCross Site ScriptingDeveloper AwarenessHackingphishing Everyone Talks About Phishing, But No One Blames XSS Apr 26, 2016 by Paul Curran Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources. Read More › Application SecurityCross Site ScriptingDeveloper AwarenessHackingphishing
Application SecurityCross Site ScriptingDASTPenetration TestingRafay BalochSASTWAFXSS Eye Of The Hacker: Analyzing Today’s Top Application Security Solutions Aug 20, 2015 by Sharon Solomon Rafay Baloch takes no prisoners when it comes to exposing vulnerabilities. An ethical hacker since the young age of 14, Baloch is now known within InfoSec circles as a seasoned security expert. His ever-growing list of “victims” includes leading platforms such as Android, Google, PayPal and Nokia, with the former earning him worldwide acclaim. Read More › Application SecurityCross Site ScriptingDASTPenetration TestingRafay BalochSASTWAFXSS
Cross Site ScriptingLDAP InjectionOS Command InjectionResource InjectionSQL InjectionsSDLCXSS 5 Deadly Code Injections That Can Obliterate Your Application May 13, 2015 by Sharon Solomon Cybercrime has evolved significantly over the years. While initially based mainly on social engineering and phishing, hackers today implement a wide range of techniques to exploit vulnerable applications with porous code. Code injections have arguably become the weapons of choice for hackers and are constantly being used to perform high-profile hackings worldwide. Read More › Cross Site ScriptingLDAP InjectionOS Command InjectionResource InjectionSQL InjectionsSDLCXSS
Ali ExpressApplication SecurityCross Site Scriptinge-CommerceOWASPXSS The AliExpress XSS Hacking Explained Mar 24, 2015 by Sharon Solomon This post was originally published on the AppSec-Labs blog. As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate Read More › Ali ExpressApplication SecurityCross Site Scriptinge-CommerceOWASPXSS
Cross Site Scriptinginformation securitySochiSQL InjectionXSS US-CERT Releases InfoSec Guidelines For 2014 Winter Olympics Feb 5, 2014 by Sharon Solomon The 2014 Winter Olympic Games begin on February 6 in Sochi, Russia. While always a spectacular and festive event, the technological aspect brings in numerous Information Security issues. The United States Computer Emergency Readiness Team (Department of Homeland Security) has released a formal advisory ahead of the Sochi Games. Read More › Cross Site Scriptinginformation securitySochiSQL InjectionXSS