Channel: Insomnia and the Hole in the Universe
Browsing all 11 articles

[Security] Practical attacks on web application crypto

HackPra (@HackPra) was kind enough to invite me to do a talk. On the 7th of December I held a talk called "Attacks on web application crypto". The talk covered attacks on hashes (including length...

[Security] The security craftsman - Part 11

"So now that you've seen how contexts are important when mitigating XSS, I'll give you a new example", David said. "Take a look at the following example from a social networking web site"...

[Security] OWASP Top 10 for JavaScript - A3: Broken Authentication and...

In this post I'll describe how OWASP Top 10: A3 - Broken Authentication and Session Management applies to JavaScript-based applications. Problems around broken authentication and session management can...

[Security] OWASP Top 10 for JavaScript - A4: Insecure Direct Object References

How do A4 - Insecure Direct Object References apply to JavaScript? Well, it all depends on how the system was formed, but this is very likely to become a problem in pure JavaScript apps. Read on for an...

[Security] OWASP Top 10 for JavaScript - A5: Cross Site Request Forgery (CSRF)

The vulnerability known as A5 - Cross-Site Request Forgery (CSRF) has many names including session riding and one-click attack. It's a blind attack in the sense that the attacker is not directly...

[Security] OWASP Top 10 for JavaScript - A6: Security Misconfiguration

This post describes how OWASP Top 10 - A6: Security Misconfiguration affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...

[Security] OWASP Top 10 for JavaScript - A7: Insecure Cryptographic Storage

This post describes how OWASP Top 10 - A7: Insecure Cryptographic Storage affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...

[Security] OWASP Top 10 for JavaScript - A8: Failure to Restrict URI Access

[Security] OWASP Top 10 for JavaScript - A9: Insufficient Transport Layer...

The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser to server and server to server issue. This is the risk rating from OWASP: Threat Agents Attack...

[Security] OWASP Top 10 for JavaScript - A10: Unvalidated Redirects and Forwards

[.NET] NuGet developer: Help me help you

Are you developing NuGet packages? Good. Me too. We developers all make mistakes from time to time. And the problem is, some of those mistakes become vulnerabilities. Now the problem is, how will the...
