Circumventing a Blacklist to Exploit Cross-Site Scripting
Blacklisting is not the best or only way to avoid an XSS attack. This web application penetration scenario shows how an attacker could circumvent this safety feature.
CVSS v3 – Updating Risk Quantification
As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.
Becoming an Admin Through Broken Access Control Policy
Testing Single Page Applications for Broken Access Control Policies
Breaking the Bank
Bank Websites and insufficient process validation – A recipe for Fraud
The Security Angle on Angular
Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning
Product Management Update: Associated Host Names, BLAs, a new Vulnerability
Learn about new self-service features: Associated Host Names & BLA Scheduling.
Compromising a User’s System with Reflected File Download
As web applications become more complex due to the use of various technologies, so will the attack surface of the applications that implement these technologies. Applications that utilize JSON to populate application content are just one example.
Crash Course Series #1 – Additional Q&A
Thanks to everyone who attended the first Crash Course Series webinar. As we ran out of time before answering all of the questions at the end (and thank you all for so much participation!), I thought I’d pull the unanswered and reply to them here in longer form than the time allotted.
Developers Care about Security: Myth or Reality?
As more and more organizations are embracing agile, fast waterfall, DevOps methodologies, a key cultural shift is happening towards bringing security closer to developers.