We’re into week four of National Cyber Security Awareness Month (NCSAM), which focuses, last but definitely not least, on the importance of securing our country’s critical infrastructure. In the U.S., it comprises 16 sectors that, along with other networks and systems, support the supply of food, water, financial services, public health ....
There's no doubt that IT security is a critical issue for many businesses. High-profile examples of data breaches involving the likes of Facebook, British Airways, Heathrow Airport, Google+ and the U.S. State Department merely serve to reinforce our fears and anxieties around cybersecurity.
There are compelling reasons to evaluate using a SAST platform like WhiteHat Sentinel Source, instead of using a point solution to run SAST scans.
Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.
Never use Web Storage data for access control decisions, and never trust the serialized objects you store there for other critical business logic. A malicious user is free to modify their localStorage and sessionStorage values at any time, so treat all Web Storage data as untrusted.