Cross-site scripting is one of the most common and popular web attacks. XSS is a command injection of the client side, it can result in any action that can be performed by the user. Mostly XSS is used for session hijacking where the attacker using javascript makes the victim transmit session cookies to an attacker-controlled server and from there the attacker can perform “session riding”. However, XSS can also result in a complete application takeover. Consider a scenario in which you inject javascript and it gets stored. The admin...
How to
What is XSS? Cross-Site Scripting in short XSS refers to the penetration of website security. A simple XSS vulnerability can act as a sitewide logger. To be honest, it does more damage to the user browsing the site than the web server itself. So yes, it is quite dangerous. Some people may confuse XSS with CSS, which is a very different thing. Cascading Style Sheets or CSS is used in the design functionality of a webpage. Simple JavaScript like this can cause a massive hole in security as an...
Businesses say that they take the security of customer data seriously but, when presented with a vulnerability, are often more concerned about their own reputation than the security of their customers. Handle disclosure correctly and you can do both: protect your customers and protect your reputation. Do it wrong and you damage both. By far the most painful part of vulnerability research is responsible disclosure. If we find something bad in a smart thing, it would be fairly irresponsible to publish a method to do bad things without giving...
Adware, Trojans, and Ransomware Oh My! If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are those malicious programs that once they infect your machine will start causing havoc on your computer. What many people do not know is that there are many different types of infections that are categorized in the general category of Malware. Malware – Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses,...
Putting a lock on digital data should be a norm if it isn’t already YOU NEVER KNOW when one of your files might reach someone it wasn’t intended to reach—perhaps through an email forward, a USB stick left behind on a desk, or maybe even an unauthorized user accessing your computer. Should that happen, password protection is all that stands between your data and the people whom you don’t want to see it. It’s an extra layer of security you can add to your most sensitive files without too much...
By default Nmap comes fully bundled with NSE (Nmap Scripting-Engine) a fully integrated scripting engine with many useful libraries. The http library is very commonly used, however many people dont realise they are using the user-agent Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html) This is obviously a value you wouldn’t like to be used when pen-testing, as it would give your presence away on the battlefield, as they say. Additionally, it is easily detected and blocked (Unique to Nmap’s NSE http library). Furthermore, Mod Security, and many other WAF’s (Web Application...
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu