Is VBScript RegExp object exploitable with a code injection or does it escape special characters?

The VBScript’s RegExp object used in Classic ASP allows one to set a pattern then execute it. If a user provides the search string, is it exploitable for IDS08-J / CWE-625 (Permissive Regex)? Or does the RegExp object sanitize input to …

Threat Modeling in the Age of Automation

Cybersecurity threats are rising fast, leading enterprises that build applications to look more closely at security measures built on precautionary principles, including threat modeling, which has become core to ensuring applications can withstand fut…

Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities – The CWE Top 25 (2020 Edition)

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that…