HackDig : Dig high-quality web security articles for hackers

Web Application Whitepaper

This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP; however, due to time constraints, our data points were not submitted. As a
Publish At:2017-10-27 17:20 | Read:3205 | Comments:0 | Tags:Whitepapers analysis HTML5 SDL training web

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross-domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross-origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:5406 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

Facebook Abandons Flash-Based Video Player, Embraces HTML5

Facebook announced that it has altered its video player to embrace HTML5 instead of Adobe Flash Player. Daniel Baulig, a front-end engineer at Facebook, broke the news late last week on the social network’s blog. “We recently switched to HTML5 from a Flash-based video player for all Facebook web video surfaces, including videos in News Feed, on Pa
Publish At:2015-12-22 00:30 | Read:3207 | Comments:0 | Tags:Latest Security News Adobe Animate Daniel Baulig Facebook Fl

Flash’s Farewell Under Way

If there’s unanimity among security professionals in anything, it’s in their loathing of Adobe’s Flash Player. There’s yet to be an APT or exploit kit that hasn’t welcomed vulnerabilities in the development platform with open arms. And for all that misery tallied up in lost intellectual property and industrial secrets, and stole
Publish At:2015-12-03 23:40 | Read:3720 | Comments:0 | Tags:Vulnerabilities Web Security adobe adobe flash Adobe Flash e

#HackerKast 29 Bonus Round: Formaction Scriptless Attack

Today on HackerKast, Matt and I discussed something called a Formaction Scriptless Attack. Content Security Policy (CSP) has put a big theoretical dent in cross site scripting. I say theoretical because relatively few sites are taking advantage of it yet; but even if it is implemented to prevent JavaScript from loading on the page, that doesn’t neces
Publish At:2015-04-04 04:10 | Read:2874 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security W

HTML5 goes officially live - now you really CAN say goodbye to Java in your browser!

Do you remember what happened on the night before Christmas in the last year of the last millennium? That's right! HTML 4, or (to be more precise) the HTML 4.01 Specification, was published. Nearly fifteen years later, the name has jauntily shed its space, and HTML5 has finally reached official status with the publication of HTML5 – A vocabulary and
Publish At:2014-11-03 12:10 | Read:2827 | Comments:0 | Tags:Adobe Adobe Flash Featured Java Oracle Security threats Vuln

[Translation] HTML Imports, include for the web: part 2

Translation of the article «HTML Imports #include for the web» by Eric Bidelman. Link to the first part of the translation. Delivering web components: HTML Imports make it easier to load and reuse code. In particular, they are a good way to distribute web components. This applies both to simple HTML <template> elements and to full-fledged custom elements with shadow
Publish At:2014-08-10 22:20 | Read:4807 | Comments:0 | Tags:HTML Web development html import html5 w3c web development

