Tag : Same Origin Policy


Beyond XSS and CSRF: Same Origin Method Execution

Aug 12, 2015 By Sarah Vonnegut | Unless you were living under a rock last fall, you heard about the major iCloud hack that saw nude pictures of A-list celebrities posted all over the web. The fact that someone could hack into private clouds and steal the sensitive data contained within alarmed web users around the world.   That wasn’t the only exploit of its kind. If someone malicious had discovered another, similar exploit on Google+, there could have been a similar batch of stolen photos.   Luckily, the hacker that found them is a white-hat and plays for the good side. Ben Hayak plays for the good side, and our private Google Plus photos have been saved from prying hands.   Ben, a senior security engineer at Salesforce, recently discovered a method of attack that would pose major threats to users and sites with successful attacks.  

</Read More>

Pakistani Ethical Hacker Reveals How He Exposed Android Vulnerabilities

Oct 21, 2014 By Sharon Solomon | Hackers are often viewed as modern-day pirates. While mostly true due to the security hazards they create, ethical hackers actually are very helpful in actually improving security standards. Most of these security experts perform these actions simply for the benefit of the community. Rafay Baloch is one such ethical hacker.   Baloch, also known as Pakistan’s “Top Ethical Hacking Prodigy”, has been in the headlines recently for exposing two vulnerabilities in Android’s stock (AOSP) browser. These security loopholes allow hackers to steal the mobile user’s session cookie, enabling them to perform a wide variety of malicious actions including identity theft.   The Pakistani AppSec expert, currently an undergraduate student who spends his free time honing his research skills, was also kind enough to take Checkmarx’s questions and provide an in-depth view into how he revealed the aforementioned vulnerabilities in the world’s most popular mobile OS.  

</Read More>

Major Android Browser Flaw Allowing Hackers to Bypass SOP Mechanism

Sep 30, 2014 By Sharon Solomon | The Android platform has taken the world by storm in recent years. It was announced at Google’s recent 2014 I/O developer conference that over 538 million Android devices are currently in use worldwide. Android has now leapfrogged Apple’s iOS in the US, where it currently has almost 52% of the smartphone market share.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.