Collaborate Disseminate
I’ve came across an interesting question today – how can a JavaScript detect that a DNS Spoofing attack has been made against the client its running upon?
Scenario:
Edit: wrong scenario was presented. Please refer @Polynom… Continue reading DNS Spoofing Detection with JavaScript
I am performing a security research on a platform which allows developers to inject custom JavaScript in the DOM of any Origin. As per my understanding, this is a security flaw. Can anyone help me understand if this is an iss… Continue reading Custom JavaScript injection allowed in DOM of other Origins
According to https://en.wikipedia.org/wiki/Cross-site_request_forgery#Cookie-to-header_token
The protection provided by this technique can be thwarted if the
target website disables its same-origin policy using one of the
following… Continue reading How can the Cookie-to-header-token CSRF protection technique be thwarted by permissive CORS origin header?
I have an API endpoint that is accessible by both native (console, mobile apps) and Javascript based clients.
How do I ensure that the CSRF AntiForgeryToken is only invoked during Javascript calls?
Can this be done in a no… Continue reading How can I securely disable CSRF validation for native clients when browser clients access the same API?
I’m investigating CSRF implementations in ASP.NET, MVC, WebAPI the relationship between the headers that are sent:
A Javascript client call of XMLHttpRequest.withCredentials
A server response of Access-Control-Allow-Credent… Continue reading How does SupportsCredentials, Access-Control-Allow-Credentials, and CORS Origin=* relate?
Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data. Continue reading How Web Apps Can Turn Browser Extensions Into Backdoors
Let’s assume an attacker manages to inject this script in a login page:
const form = document.getElementsByTagName(‘form’)[0];
form.addEventListener(‘submit’, stealCredentials);
function stealCredentials() {
const logi… Continue reading Prevent javascript cross-origin write
Same origin policy is an important part of the security model so it is “on” by default for most things, but for the referer it does not seem to be so. The default for browsers seem to be no-referrer-when-downgrade which in pr… Continue reading Why does not Referer header use “same-origin” by default?
Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. Continue reading Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks
As stated here, https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS at “Credentialed requests and wildcards”. Quote:
When responding to a credentialed request, the server must specify an
origin in the value of the Ac… Continue reading Web-Application with CORS Origin: * using authorization header