Filed In: Application Security, Security

HTTPS or Be Warned

Written By: Adam Caudill

July 24, 2018

Today marks an important event in the security of the web – starting with today’s release of Chrome v68, the most popular browser in use today is warning users when they access a website over an insecure connection. While this is a small change to the user interface, it makes the dangers of insecure connections clear to users, even in cases where the website doesn’t collect information.

Filed In: Application Security, Security

Using the Same-origin Policy to Control for Cross-Site Request Forgery

Written By: Scott Simmons

July 23, 2018

Cross-Site Request Forgery (CSRF) is a security issue which can allow legitimate users to be tricked into performing actions in your web application on behalf of a malicious attacker. A successful phishing attack or similar scheme could be leveraged to exploit a CSRF vulnerability. It’s a serious issue which can be difficult to detect without manual penetration testing. 

Filed In: Security Testing, Security

Hardware Design: Dangers of User Accessible Ports

Written By: Brandon Wilson

July 09, 2018

Generally, it is a mistake for a web application to have an open and publicly accessible administrative interface – particularly one that does not require credentials in order to use. This principle is just as applicable to hardware designs as it is to application designs.

Filed In: InfoSec, Security Testing, Security

CSV Formula Injection

Written By: Ryan Borden

February 21, 2018

A few years back I was testing an application which had CSV export functionality and I noticed something weird. When I clicked the export button the application submitted a request with the CSV data in the POST body.
