Blog

Filed In: InfoSec, Security Testing, Security

CSV Formula Injection

Written By: Ryan Borden

February 21, 2018

Views: 2569

A few years back I was testing an application which had CSV export functionality, and I noticed something weird. When I clicked the export button, the application submitted a request with the CSV data in the POST body.

The Problem with Blacklisting; A Look at Weird Cross Site Scripting Injections

Written By: Ryan Borden

January 23, 2017

Views: 3662

So you’ve been testing the web application you built for Cross Site Scripting vulnerabilities, and you’re pretty sure that your defenses are solid. You even dusted off your cheat sheet to help you build out a really comprehensive blacklist. Your site is bullet-proof, right? Well, probably not.
