Blog

In this article, we’ll take a closer look at how research partners Vertical Structure and WhiteHat Security worked together to identify and verify a vulnerability, and then notify and work with the vendor to quickly and effectively remediate the issue and protect customers.

On August 22, 2018, Apache Struts announced a security vulnerability and patch which remediates a critical remote code execution vulnerability. Apache Struts is a Java-based web application platform used by an estimated 65 percent of Fortune 100 companies. With this latest vulnerability, attackers can exploit a web application...

2018 Winter Olympic Games hit with destroyer malware during opening ceremony.

Learn best practices about how to avoid API Vulnerabilities from security experts at WhiteHat Security.

Learn about the two announcements for POS System breaches with Whole Foods and Sonic Drive-in. 

There's another 'worldwide' attack known as Petya Ransomware and it's spreading quickly - learn about it first from WhiteHat Security.

A large scale cyber attack of hospitals across England has staff and patients reeling. The fallout has serious impacts on individuals’ healthcare, as everything from patient records and prescriptions to surgery schedules are inaccessible.

This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.

With the migration towards digital transformation and the onslaught of cyber attacks, we need a “Security Facts” label so that we as consumers may make more informed decisions about the risk we are inheriting from the use or acquisition of applications.

After a lot of coordination, research, voting by the community and judging - learn the Top 10 Web Hacking Techniques of 2015.

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and web server, force the user and server to downgrade to a set of export ciphers which are weak and outdated.

There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends from version 8.0 (where the filter first debuted) through the most current version, 11.0, released in mid-October for Windows 8.1, and early November for Windows 7.

It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21 and below.

Never use Web Storage data for access control decisions or trust the serialized objects you store here for other critical business logic. A malicious user is free to modify their localStorage and sessionStorage values at any time, treat all Web Storage data as untrusted.

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking from a blackbox perspective.

Learn 7 ways vulnerability scanners may harm websites and what to do about it.

A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website” can be defined as a white-listed collection of one or more hostnames, IP addresses, ports, and protocols.