Tag : XSS

iStock_000031987780Small

US-CERT Releases InfoSec Guidelines For 2014 Winter Olympics

Feb 05, 2014 By Sharon Solomon | The 2014 Winter Olympic Games begin on February 6 in Sochi, Russia. While always a spectacular and festive event, the technological aspect brings in numerous Information Security issues. The United States Computer Emergency Readiness Team (Department of Homeland Security) has released a formal advisory ahead of the Sochi Games.

</Read More>
iStock_000011757339XSmall

Istana Website Hacked; Singapore Cybercrime On The Rise

Dec 02, 2013 By Sharon Solomon | The list of hacked websites just keeps getting longer. The Istana website, official cyber-domain of Singapore’s Presidential Office, is the latest high-profile casualty. The Singaporean police have arrested two suspects, who have been charged under the Computer Misuse and Cybersecurity Act, punishable by up to five years in prison.

</Read More>
iStock_000025490533Small-300x300

This Week In Application Security News: Nov. 25 – Dec. 1

Dec 01, 2013 By Sarah Vonnegut | Winner of the ‘Worst Week’ award goes to James Howells, who this week realized he threw away a hard drive with 7,500 Bitcoins worth over $7.5 million in current BTC value. Read about his million dollar fumble, the still-unfolding Vodafone breach, new NSA snooping and more in this week’s edition of The Week in AppSec.

</Read More>
iStock_000024004809Small-300x300

2,000+ Websites Vulnerable With Ruby on Rails Flaw

Nov 28, 2013 By Sarah Vonnegut | A new exploit, discovered by a white-hat hacker, puts users of over 2,000 Websites in danger of attack. Older versions of Ruby on Rails, a popular open source Web app, employ a defective session management system that could affect the users on the thousands of sites that use it. G.S. McNamara, a security researcher based in D.C., first found the vulnerability issue back in September. The exploit is an Insufficient Session Expiration weakness, and McNamara says it’s fairly common. It’s especially dangerous for shared computers with lots of daily user turnover, such as in libraries or internet cafes.

</Read More>
Obamacare-300x300

Obamacare Website Compromised; Security Issues Surface

Nov 21, 2013 By Sharon Solomon | The Obamacare website has now joined the ever-growing list of compromised portals. Reports of bad user-experience and rumors of security breaches have been making the rounds for weeks, but the newly launched national healthcare website (healthcare.gov) has now apparently fallen prey to a typical Cross-Site Scripting attack. 

</Read More>
drupal-262x300

Analysis of Drupal Security Vulnerabilities

Aug 16, 2012 By Administrator | Drupal is a free and open-source content management system (CMS) and content management framework (CMF) written in PHP and distributed under the GNU General Public License. It is used as a back-end system for at least 2.1% of all websites worldwide ranging from personal blogs to corporate, political, and government sites including whitehouse.gov and data.gov.uk. It is also used for knowledge management and business collaboration.

</Read More>

What’s HOT in Application Security Vol #16

Jun 18, 2012 By Administrator | WHMCS still vulnerable after latest string of attacks
WHMCS is a UK supplier of technical support and customer service is yet again the victim of a Ddos attack, due to its inability to mend an already known SQL Injection vulnerability. The embarrassment continued for the company in the days following where a hacker was auctioning the rights to abuse the weakness using an underground forum.

</Read More>

What’s HOT in Application Security Vol#12

May 14, 2012 By Administrator | 90% of all Custom Built Web Application are Wide Open for Attacks!
An astounding 86% of custom built websites are said to have vulnerabilities, said a report issued last week by an American IT company. Nearly 90% of all custom designed web applications tested found positive SQL Injection leaks.

</Read More>

Whats HOT in Application Security Vol #9

Apr 24, 2012 By Administrator | Lady Gaga keeps her poker face in light of SQL Injection!
Lady Gaga’s website had a ‘Bad Romance’ with an SQL Injection attack, revealing the personal details of thousands of fans! The hack was reported more than six months ago and was committed by a group of hackers going under the pseudoname ‘SwagSec’. Even though the hackers never actually published the personal information of the fans, it is a major embarrassment for Lady Gaga’s team.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.