A new skimmer uses WebSockets and a fake credit card form to steal sensitive data

A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data.

Client-Side Protection is Key to Web Application Security

The Open Web Application Security Project (OWASP) Foundation defines script attacks as a "type of injection in which malicious scripts are injected into otherwise benign and trusted websites." From the perspective of the user, malicious code is coming from trusted websites. Recently popularized by Magecart hacker groups, script attacks have focused on the web skimming of cookies, tokens, and — most commonly — personally identifiable information (PII) such as payment information, medical records, and other types of sensitive information.