When we discuss vulnerabilities in applications, there are different categories that we come across. Some vulnerabilities are extremely common yet allow for little or no damage should an attacker discover and exploit them, while others are incredibly rare but can have major, lasting impact on the organizations behind the attacked application. Then, there’s the third
For malicious parties hoping to capitalize on the frantic frenzy of online purchasing, both the prevalence of email marketing and popularity of mobile purchasing pose significant threats. The promise of incredible deals via email marketing campaigns presents the perfect attack vector for malicious parties to prey on unsuspecting shoppers.
2016 has been a hot year for hackers and this trend shows no sign of stopping. Major hacks and the breached data released as a result over the course of 2016 have led to millions in losses for the organizations who failed in establishing proper web application security. The now-infamous Yahoo hack cast some shades
Online e-commerce has become the rage. Millions of people worldwide are doing their shopping on the various online platforms. But even enormous e-commerce platforms like eBay are not immune to cybercrime, as security researcher MLT demonstrated recently. The culprit this time was Cross Site Scripting (XSS), a common application layer vulnerability that obviously was not detected/remediated during
Mobile devices have exploded in our modern world. And with the explosion have come implications. Business can be conducted anywhere now, and high-value documents and data can easily be read and shared on the go. While this may be great for productivity levels and greater flexibility, security risks only seem to increase as more
Rafay Baloch takes no prisoners when it comes to exposing vulnerabilities. An ethical hacker since the young age of 14, Baloch is now known within InfoSec circles as a seasoned security expert. His ever-growing list of “victims” includes leading platforms such as Android, Google, PayPal and Nokia, with the former earning him worldwide acclaim.
Cybercrime has evolved significantly over the years. While initially based mainly on social engineering and phishing, hackers today implement a wide range of techniques to exploit vulnerable applications with porous code. Code injections have arguably become the weapons of choice for hackers and are constantly being used to perform high-profile hackings worldwide.
This post was originally published on the AppSec-Labs blog. As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate
Application security has become a huge challenge for IT companies worldwide. More and more exploits, causing widespread financial and technical damage, are being reported on almost a daily basis. While primarily taking these security issues head-on, Checkmarx is also providing an interactive solution to promote secure coding standards within organizations.
Many applications today possess critical vulnerabilities – SQL injections (SQLi), Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) being just a few of them. The first step in combating these security issues is getting to know how they work and learning about them from real life scenarios. Unfortunately, not all developers today are familiar with the