
Step 1 to Resolving the Spring4Shell Vulnerability: Find It, Safely
This blog was co-authored by Eric Rodriguez, Sarah Perkins, and Vishrut Iyengar – NTT AppSec Security Staff. Spring is upon...
Are You Using Secure Passwords?
May 5th, 2022 is World Password Day and this year, more than years past, it’s a really important day. It’s...
Hackers Never Let April Fools’ Day Go to Waste
“Since March began thirty days and two,”[1] hackers’ distinctive humorous style has continually regaled. Whether you’re a fan of obscure...
Key Findings: GTIC – Monthly Intelligence Report
A new report published this month by NTT’s Global Threat Intelligence Center (GTIC) is shedding new light on the Colonial...
Best Practices in Identifying and Remediating Vulnerabilities
It’s in the nature of cybersecurity that every technology vendor and service provider is vulnerable to security breaches and attacks...

Top 10 Web Hacking Techniques of 2015
UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and...
CVE-2015-0204 Freak Attack
It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade...
Bypassing Internet Explorer’s Anti-XSS Filter
There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends...
The Case of an Unconventional CSRF Attack in Firefox
It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21...
Web Storage Security
The web waits for no one, not even W3C. While the HTML5 specification isn’t finalized, and HTML5 Storage has even...
How I stole source code with Directory Indexing and Git
The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking...
7 Ways Vulnerability Scanners May Harm Websites and What To Do About It
Whether we like it or not, whether we want them to or not, whether it’s legal or not, there are...
A Single-Site Browser’s impact on XSS, CSRF, and Clickjacking
A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website”...