The Problem of String Concatenation and Format String Vulnerabilities

If JavaScript is your programming language of choice, you probably don’t have to worry about string concatenation a lot. Instead, one of the recurring problems you might encounter is having to wait for JavaScript’s npm package manager to in…

Server-Side Template Injection Introduction & Example

There are few topics that developers universally agree on. One example that often leads to heated discussions is the choice of the right source code editor. You may be a Vim fanatic or maybe you prefer the simplicity of Nano or the extensibility of Visu…

Type Juggling Authentication Bypass Vulnerability in CMS Made Simple

Have you ever experienced that sinking feeling when you discover that you’ve run out of one crucial ingredient for a special meal? It might be a single ingredient, but it ruins the whole dish, doesn’t it? In the world of web application security, one a…

Why You Should Never Pass Untrusted Data to Unserialize When Writing PHP Code

In PHP, as in every other programming language you use for web development, developers should avoid writing code that passes user-controlled input to dangerous functions. This is one of the basics of secure programming. Whenever a function has the capa…

GDPR Article 32: Security of Data Processing

The EU General Data Protection Regulation (GDPR) is a regulation formulated by the European Union to strengthen and unify data protection for all individuals within the European Union (EU). It covers many subjects, such as Privacy by Design and Data Br…

Application Level Denial of Service – An In-Depth Guide

Denial of Service attacks that bring down popular websites often involve thousands of hacked consumer devices and servers. While these attacks mainly aim to overwhelm the target system with traffic, in order to deny service to legitimate users, bugs at…

Second-Order Remote File Inclusion (RFI) Vulnerability Introduction & Example

The main difference between a Remote File Inclusion (RFI) vulnerability and a second-order one is that in a second-order RFI, attackers do not receive an instant response from the web server, so it is more difficult to detect. This is because the paylo…