In this week's edition of our security roundup: HPKP and HSTS preload bypasses, a vBulletin LFI on Windows hosts and three creative sources of user input in order to exploit XSS vulnerabilities. Read More
A weekly security roundup by Netsparker for week 51 of 2017 - We examine the differences between the latest version of OWASP Top 10 and its predecessor. We also delve into the Mailspoilt vulnerability, security issues with EV Certificates and Google's .dev Support. Read More
A technical explanation of how a Cross-Site Request Forgery (CSRF) attack works. Included in the article is an example of how malicious hackers can exploit it & how developers can prevent it. Read More
This article explains what the CRLF Injection is and how it can be used to do HTTP response splitting or HTTP header injection to trick the victim's browser. Read More
This introductory article explains how the Local File Inclusion vulnerability works, how attackers can exploit it on vulnerable web applications, and also recommends development best practices to prevent it. Read More
Netsparker is offering free web application security scans to developers who develop open source web applications. This initiative will surely help developers write more secure code, thus ensuring a safer internet. Read this post for more information on how to apply for your free Netsparker Enterprise account. Read More
A web security article that explains what is a DOM based cross-site scripting using real live coding examples. The article also explains why the traditional XSS remediation methods do not work and what you can do to ensure that your web applications are not vulnerable to DOM based cross-site scripting vulnerability. Read More
A complete detailed guide to web application security. This guide includes everything you need to know to get started with web application security and explains which tools to use, how to choose such tools and also explains how to secure completely all the components of a web application environment. Read More