In this week's edition of our security roundup: Thanks to Chrome's new Site Isolation feature, the X-Content-Type-Options header is more important than ever. Read More
In this week's edition of our security roundup: directory listings can lead to account takeover, accessibility and security of US government websites and certification authority with AlwaysOnSSL. Read More
In this week's edition of our security roundup: The Impact of Meltdown and Spectre On the Web and HTTP Verb Tampering and a phpMyAdmin Cross-Site Request Forgery. Read More
In this week's edition of our security roundup: HPKP and HSTS preload bypasses, a vBulletin LFI on Windows hosts and three creative sources of user input in order to exploit XSS vulnerabilities. Read More
A weekly security roundup by Netsparker for week 51 of 2017 - We examine the differences between the latest version of OWASP Top 10 and its predecessor. We also delve into the Mailspoilt vulnerability, security issues with EV Certificates and Google's .dev Support. Read More
A technical explanation of how a Cross-Site Request Forgery (CSRF) attack works. Included in the article is an example of how malicious hackers can exploit it & how developers can prevent it. Read More
This article explains what directory listing is and also explains how to disable it on a variety of web servers including Apache, NGINX and Microsoft Internet Information Services (IIS). Read More
An Open Redirection vulnerability is when the attackers can control to where a victim is redirected when using a web application, thus allowing them to redirect the victim to malicious websites controlled by the attackers. Read More
Information disclosure issues in web application can be used by attackers to gain insightful knowledge about the possible weaknesses of a web application, thus allowing them to craft a malicious hack attack. Read More
The Remote File Inclusion vulnerability allows attackers to insert files, from a web server they control, to a website. Read this article to learn about all the technical details of how this vulnerability works and how to prevent it. Read More
This article explains in detail what is the Server Side Request Forgery (SSRF) vulnerability, how malicious hackers can exploit it, what are its repercussions and what you can do to prevent it in your web applications. Read More
This article explains how the Content Security Policy security standard works and how it can be used by web developers when developing web applications to avoid cross-site scripting, clickjacking, protocol downgrading and other vulnerabilities web applications are typically susceptible to. Read More
This article explains what the CRLF Injection is and how it can be used to do HTTP response splitting or HTTP header injection to trick the victim's browser. Read More
This introductory article explains how the Local File Inclusion vulnerability works, how attackers can exploit it on vulnerable web applications, and also recommends development best practices to prevent it. Read More
This article explains what is the command injection vulnerability, how it works (how malicious hackers can exploit it) and also explains how to ensure your web applications are not vulnerable to this vulnerability. Read More
Netsparker is offering free web application security scans to developers who develop open source web applications. This initiative will surely help developers write more secure code, thus ensuring a safer internet. Read this post for more information on how to apply for your free Netsparker Enterprise account. Read More
Many security software vendors claim that automated web vulnerability scanners can identify all security flaws listed in the OWASP Top 10 list. This web security article examines each category in the OWASP Top 10 list, discusses each of them and shows how they can be detected, determining whether such claims are true or not. Read More
A web security article that explains what is a DOM based cross-site scripting using real live coding examples. The article also explains why the traditional XSS remediation methods do not work and what you can do to ensure that your web applications are not vulnerable to DOM based cross-site scripting vulnerability. Read More
A complete detailed guide to web application security. This guide includes everything you need to know to get started with web application security and explains which tools to use, how to choose such tools and also explains how to secure completely all the components of a web application environment. Read More
Choosing an automated tool such as a web application security scanner is not a straight forward process.. Here is a complete guide to help you choose the right web vulnerability scanner, also known as web application security scanner for web vulnerability assessments and identifying vulnerabilities in web applications. Read More