Articles Tagged with "Web Application Security"


From the Web

Obfuscated URLs within iframes

October 06, 2010 from: Mozilla Security Blog

Issue: There has been discussion today about a Firefox feature that warns users when a site’s URL is deceptive. When a Firefox user visits a site with a URL that might be deceptive (e.g. http://www.good.com@evil.com/), Firefox will stop the load and confirm with the user that they are really visiting the site they expected to visit (in this example, evil.com is the ...

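The deceptive form in the excerpt works because everything before the `@` in a URL's authority is userinfo (username and optional password), not the host; a user glancing at the start of the address bar sees `www.good.com`, while the browser connects to `evil.com`. The following is an added example, not code from the Mozilla post, showing how the WHATWG URL parser (available in browsers and Node.js) resolves such URLs and how a page or extension could flag userinfo that looks like a hostname. The heuristic regex and the function names are this example's own assumptions, not anything Firefox implements.

```javascript
// Added example (not from the Mozilla post): split a URL into the part a
// user is likely to read as the host versus the host actually connected to.
// Relies on the standard WHATWG URL parser (browsers, Node.js).

function analyzeUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return { valid: false, input };
  }
  const hasUserinfo = url.username !== '' || url.password !== '';
  // Assumed heuristic: userinfo shaped like a DNS name (labels separated by
  // dots, alphabetic TLD) is the deceptive case; a plain "user" is not.
  const userinfoLooksLikeHost = /^[a-z0-9.-]+\.[a-z]{2,}$/i.test(url.username);
  return {
    valid: true,
    input,
    realHost: url.hostname,     // where the request actually goes
    username: url.username,     // what a casual reader may take for the host
    password: url.password,
    hasUserinfo,
    deceptive: hasUserinfo && userinfoLooksLikeHost,
  };
}

// Human-readable verdict, in the spirit of the Firefox confirmation prompt.
function describe(input) {
  const r = analyzeUrl(input);
  if (!r.valid) return `${input}: not a valid URL`;
  if (r.deceptive) return `${input}: reads like ${r.username} but connects to ${r.realHost}`;
  return `${input}: connects to ${r.realHost}`;
}

// Audit a list of frame sources; in a browser you would pass
// Array.from(document.querySelectorAll('iframe'), f => f.src).
function flagDeceptiveSources(srcs) {
  return srcs.map(analyzeUrl).filter((r) => r.valid && r.deceptive);
}

// Constructed sample inputs for the demonstration.
const samples = [
  'http://www.good.com@evil.com/',
  'http://www.good.com:80@evil.com/',   // ":80" becomes the password, not a port
  'http://www.good.com/',
  'http://user@good.com/',
  'not a url',
];
for (const s of samples) console.log(describe(s));
```

The second sample is worth noting: `www.good.com:80` is parsed as username `www.good.com` with password `80`, so adding a fake port does not rescue the reader's interpretation; the host is still `evil.com`.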

From the Web

Gmail Introduces Suspicious Activity Warning

July 05, 2010 from: Saumil's Infosec Blog

Recently, my Gmail account was hacked by some botnet which sent out e-mails to all my contacts asking them to check out a website. I only realized this when I checked my Gmail "Sent Mail" folder and had to immediately send a warning message to all my contacts telling them that my account had been hacked and not to click on any links from my previous mails.


From the Web

CSRF Isn’t A Big Deal - Duh!

April 14, 2010 from: Rsnake's blog at ha.ckers.org

Did you hear the news? CSRF isn’t a big deal. I just got the memo too! There were a few posts pointing me to an article on the fact that CSRF isn’t that big of a deal. Fear not, I am here to lay the smack down on this foolishness. To be fair, I have no idea who this guy is, and maybe he’s great at other forms of hacking - web applications just don’t happen to be his strong ...


From the Web

Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

March 11, 2010 from: Rsnake's blog at ha.ckers.org

It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a conditi...


From the Web

The Web won’t be safe, let alone secure, unless we break it

February 03, 2010 from: Jeremiah Grossman's Blog

There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) is to “break the Web” -- i.e. negatively impact the usability of a significant and unacceptable p...


From the Web

Accuracy and Time Costs of Web Application Security Scanner Report

February 03, 2010 from: Rsnake's blog at ha.ckers.org

Larry Suto is back with another report outlining the differences between some of the top web application scanners on the market... he took a different approach this time, and instead of running the scanners against something he had devised to be used only in his own lab, he turned all the scanners on each other’s public test sites.
