Security Specialist|May 17, 2022

Step 1 to Resolving the Spring4Shell Vulnerability: Find It, Safely

This blog was co-authored by Eric Rodriguez, Sarah Perkins, and Vishrut Iyengar – NTT AppSec Security Staff. Spring is upon...

Danny Thomas|May 5, 2022

Are You Using Secure Passwords?

May 5th, 2022 is World Password Day and this year, more than years past, it’s a really important day. It’s...

Sarah Perkins|April 1, 2022

Hackers Never Let April Fools’ Day Go to Waste

“Since March began thirty days and two,”[1] hackers’ distinctive humorous style has continually regaled. Whether you’re a fan of obscure...

Danny Thomas|June 28, 2021

Key Findings: GTIC – Monthly Intelligence Report

A new report published this month by NTT’s Global Threat Intelligence Center (GTIC) is shedding new light on the Colonial...

Bryan Becker and Simon Whittaker|July 16, 2019

Best Practices in Identifying and Remediating Vulnerabilities

It’s in the nature of cybersecurity that every technology vendor and service provider is vulnerable to security breaches and attacks...

Kuskos|January 12, 2016

Top 10 Web Hacking Techniques of 2015

UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and...

Ryan O'Leary|May 28, 2015

CVE-2015-0204 Freak Attack

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade...

Carlos Munoz|December 4, 2013

Bypassing Internet Explorer’s Anti-XSS Filter

There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends...

Kuskos|June 27, 2013

The Case of an Unconventional CSRF Attack in Firefox

It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21...

Zach Jones|May 28, 2013

Web Storage Security

The web waits for no one, not even W3C. While the HTML5 specification isn’t finalized, and HTML5 Storage has even...

Kuskos|May 21, 2013

How I stole source code with Directory Indexing and Git

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking...

Jeremiah Grossman|November 7, 2012

7 Ways Vulnerability Scanners May Harm Websites and What To Do About It

Whether we like it or not, whether we want them to or not, whether it’s legal or not, there are...

Jeremiah Grossman|February 8, 2012

A Single-Site Browser’s impact on XSS, CSRF, and Clickjacking

A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website”...
