Blacklisting is not the best or only way to avoid an XSS attack. This web application penetration scenario shows how an attacker could circumvent this safety feature.
Testing Single Page Applications for Broken Access Control Policies
Bank Websites and insufficient process validation – A recipe for Fraud
As web applications become more complex due to the use of various technologies, so will the attack surface of the applications that implement these technologies. Applications that utilize JSON to populate application content are just one example.
This Top 10 list is for you — developers and software engineers — designing mobile apps today.
Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.