HackDig : Dig high-quality web security articles for hackers

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:5752 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation

What is a DOM (Document Object Model)? DOM is a W3C (World Wide Web Consortium) standard. It is a platform-independent interface that allows programs and scripts to dynamically access and modify the structure of a document. The document can be HTML, XHTML or XML. Let us apply the above definition practically: Before modifying element using DOM: In the below
Publish At:2017-01-11 20:30 | Read:8134 | Comments:0 | Tags:OWASP Client Side Attack Cross Site Scripting DOM DOM Based

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have the same origin if both have the following in common: Scheme (http, https) Host name (google.com, facebook.com, securelayer7.net) Port number (80, 4567, 7777) So, sites http://example.com and http://example.com/settings have the same origin. But https://example.com:4657 and http://example.com:8080/setting
Publish At:2017-01-07 18:45 | Read:16942 | Comments:0 | Tags:OWASP Client Side Attack CORS CORS Vulnerability and Patch C

2014 Cyber Security Highlights

“There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.” James Comey, FBI Director, October, 2014 Introduction Cybercrime in 2014 exceeded even the most pessimistic expectations and far surpassed in magnitude and severity anything seen in recent years. Looking back at the y
Publish At:2014-12-29 02:05 | Read:4468 | Comments:0 | Tags:General Updates Attack simulation client side attack Cyber S

“Phish & Tips” anyone?

10 tips on how to identify phishing emails Phishing is a form of Social Engineering that is used to manipulate users into surrendering sensitive data, credit card details and confidential data. Cyber criminals use Social Media and emails that are almost identical to emails coming from legitimate companies and often require filling out personal details, downl
Publish At:2014-10-25 18:10 | Read:4590 | Comments:0 | Tags:Cyber Security Assesment anti-phishing Attack simulation cli

