Blog Posts Tagged with "Cross Site Scripting"

68b48711426f3b082ab24e5746a66b36

Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by:Fergal Glynn

As a developer, I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Moving From Poisoning the Ocean to Poisoning the Watering Hole

October 29, 2012 Added by:Fergal Glynn

Using the watering hole analogy, if you are the owner of a location where people congregate to drink you need to keep the beverages safe and clean. Unfortunately digital safety is decades behind food safety. If you own a website you need to understand what SQL Injection and XSS are...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Yourikan Claims Ninety-One Iranian Websites Hacked

August 07, 2012 Added by:Headlines

Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...

Comments  (0)

4777ea0d573c51027a097399006f228a

On th3j35t3r's Project Looking Glass

July 05, 2012 Added by:ʞɔopuooq ʇuıɐs

There haven’t been a lot of ‘TANGO DOWNS’ over the last few months. I decided that I should concentrate on targeted intelligence gathering. I needed a way to get the real world identity of ‘the marks’ – be it Anons, Jihadists or forum admins. Over the last few months I have been running ‘Project Looking Glass’...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

Despite Breach Trends - Website Vulnerabilities Decrease

July 02, 2012 Added by:Headlines

"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by:Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens WinCC Multiple Vulnerabilities

June 08, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Solving Problems from the Security Viewpoint

June 07, 2012 Added by:Rafal Los

From experience, there are 3 clearly identified causes for poor adoption of well-intentioned security-built technology into everyday development and systems building... Let's take a look at them and see what can be done to raise the level of adoption from each case...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Emerson DeltaV Multiple Vulnerabilities

May 31, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by:Fergal Glynn

Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases OS X and Safari Security Updates

May 11, 2012 Added by:Headlines

Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Koyo Ecom100 Multiple Vulnerabilities

April 16, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities

April 04, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Tangled Web: A Guide to Securing Modern Web Applications

February 26, 2012 Added by:Ben Rothke

There is no doubt that some sites use cookies as a mechanism for malicious use. But that there is nothing that makes it uniquely suited for this task, as there are many other equivalent ways to sore unique identifiers on visitor’s computes, such as cache-based tags...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

B8db824b8b275afb1f4160f03cd3f733

Disclosures: How Much Sharing is Too Much?

February 15, 2012 Added by:Jack Daniel

What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...

Comments  (0)

Page « < 1 - 2 - 3 > »