Step 1 to Resolving the Spring4Shell Vulnerability: Find It, Safely

This blog was co-authored by Eric Rodriguez, Sarah Perkins, and Vishrut Iyengar – NTT AppSec Security Staff. Spring is upon...

Are You Using Secure Passwords?

May 5th, 2022 is World Password Day and this year, more than years past, it’s a really important day. It’s...

Hackers Never Let April Fools’ Day Go to Waste

“Since March began thirty days and two,”[1] hackers’ distinctive humorous style has continually regaled. Whether you’re a fan of obscure...

Key Findings: GTIC – Monthly Intelligence Report

A new report published this month by NTT’s Global Threat Intelligence Center (GTIC) is shedding new light on the Colonial...

Best Practices in Identifying and Remediating Vulnerabilities

It’s in the nature of cybersecurity that every technology vendor and service provider is vulnerable to security breaches and attacks...

Protecting Apache Struts through DAST, SAST, and SCA

Cyber Attackers: A perfect 10! Olympic Committee: Failed to qualify.

Can you hear me now? APIs are vulnerable!

Whole Foods, Sonic Drive-in… POS System breaches. Why are we still seeing breaches like this?

To #Petya or #NotPetya – It’s an Important Question

74 Countries and Counting… Today’s Massive Ransomware Attack

Apache Struts 2 CVE-2017-5638: Are My Applications Vulnerable to Remote Code Execution?

Verizon Needed a Security Facts Label

Top 10 Web Hacking Techniques of 2015

UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and...

CVE-2015-0204 Freak Attack

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade...

Bypassing Internet Explorer’s Anti-XSS Filter

There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends...

The Case of an Unconventional CSRF Attack in Firefox

It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21...

Web Storage Security

The web waits for no one, not even W3C. While the HTML5 specification isn’t finalized, and HTML5 Storage has even...

How I stole source code with Directory Indexing and Git

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking...

7 Ways Vulnerability Scanners May Harm Websites and What To Do About It

Whether we like it or not, whether we want them to or not, whether it’s legal or not, there are...

A Single-Site Browser’s impact on XSS, CSRF, and Clickjacking

A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website”...