HackDig : Dig high-quality web security articles for hackers

Let's Terminate XML Schema Vulnerabilities

By Fernando Arnaboldi

XML eXternal Entity (XXE) attacks are a common threat to applications using XML schemas, either actively or unknowingly. That is because we continue to use XML schemas that can be abused in multiple ways. Programming languages and libraries use XML schemas to define the expected contents of XML documents, SAML authentications or SOAP message
Publish At:2016-11-19 20:15 | Read:3907 | Comments:0 | Tags:fernando arnaboldi ioactive XML XML external entity xml pars

Drupal Update Issues Could Expose Web Admins to Attacks

A researcher has identified three security issues in Drupal that could expose unsuspecting web admins to various attacks. Fernando Arnaboldi, a senior security researcher and consultant at IOActive, discusses the three issues in a post on his company’s blog. The first issue is that when the Drupal update process fails, certain versions of Drupal will no
Publish At:2016-01-07 14:20 | Read:6664 | Comments:0 | Tags:Latest Security News CSRF denial of service Drupal Fernando

Drupal - Insecure Update Process

By Fernando Arnaboldi

Security updates are a common occurrence once you have installed Drupal. In October 2014, there was a massive defacement attack that affected Drupal users who did not upgrade in the first seven hours after a security update was released. This means that Drupal updates must be checked as frequently as possible (even though by default, Drup
Publish At:2016-01-06 18:15 | Read:7625 | Comments:0 | Tags:application security drupal fernando arnaboldi hacking updat

Money may grow on trees

By Fernando Arnaboldi

Sometimes when buying something that costs $0.99 USD (99 cents) or $1.01 USD (one dollar and one cent), you may pay an even dollar. Either you or the cashier may not care about the remaining penny, and so one of you takes a small loss or profit. Rounding at the cash register is a common practice, just as it is in programming languages when d
Publish At:2015-08-25 18:25 | Read:4910 | Comments:0 | Tags:bugs fernando arnaboldi hacking java javascript numbers prob

Die Laughing from a Billion Laughs

By Fernando Arnaboldi

Recursion is the process of repeating items in a self-similar way, and that’s what the XML Entity Expansion (XEE)[1] is about: a small string is referenced a huge number of times. Technology standards sometimes include features that affect the security of applications. Amit Klein found in 2002 that XML entities could be used
Publish At:2014-11-18 22:05 | Read:5454 | Comments:0 | Tags:DTD fernando arnaboldi hacking security web hacking web secu

