Blacklisting is neither the best nor the only way to prevent an XSS attack. This web application penetration testing scenario shows how an attacker can circumvent such a filter.
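To make the point concrete, here is an added example (not code from the original post or from WhiteHat): a naive blacklist that strips `<script>` tags, placed beside context-aware HTML encoding. The filter, the encoder, the `looksExecutable` stand-in for a browser, and the sample payloads are all constructed for this illustration and are assumptions, not material from the page.

```javascript
// Added example, not from the original post. Function names and payloads are
// constructed for illustration.

// Weak defense: strip the literal <script> / </script> tags, case-insensitively.
// Anything that is not a <script> element passes straight through.
function blacklistFilter(input) {
  return input.replace(/<\s*\/?\s*script[^>]*>/gi, "");
}

// Strong defense: encode the five characters that matter in an HTML text
// context, so no browser-parsed markup can emerge from user-controlled data.
function htmlEncode(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Rough stand-in for the browser's parser: does the output still contain a
// <script> element or a tag carrying an on* event handler attribute?
function looksExecutable(html) {
  return /<script\b/i.test(html) || /<[a-z]+[^>]*\son\w+\s*=/i.test(html);
}

// Constructed payloads. The first is exactly what the blacklist expects; the
// second uses an event handler on an <img> tag, which the blacklist never
// examines; the third survives a single-pass strip because removing the inner
// <script> tag re-forms an outer one.
const PAYLOADS = [
  "<script>alert(1)</script>",
  '<img src=x onerror="alert(1)">',
  "<scr<script>ipt>alert(1)</script>",
];

// Run every payload through a defense and report which ones still look live.
function evaluate(defense) {
  return PAYLOADS.map((p) => looksExecutable(defense(p)));
}

// evaluate(blacklistFilter) -> [false, true, true]
// evaluate(htmlEncode)      -> [false, false, false]
```

The blacklist only catches the payload its author imagined; the encoder never needs to know what the attacker will send, because it removes the characters the parser acts on rather than guessing at tag names.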
As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.
Testing Single Page Applications for Broken Access Control Policies
Bank Websites and insufficient process validation – A recipe for Fraud
Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning
Learn about new self-service features: Associated Host Names & BLA Scheduling.
As web applications grow more complex through the use of various technologies, so does the attack surface of the applications that implement them. Applications that use JSON to populate page content are just one example.
Thanks to everyone who attended the first Crash Course Series webinar. Since we ran out of time before answering all of the questions at the end (and thank you all for so much participation!), I thought I’d pull out the unanswered ones and reply to them here at greater length than the time allotted.
As more and more organizations embrace agile, fast-waterfall and DevOps methodologies, a key cultural shift is happening: bringing security closer to developers.