Recently, we discovered a cross-site scripting vulnerability during a penetration test, which was only made possible using a third-party plugin. What was surprising: the vulnerability seemed to occur only when the website used a specific language. As a result, we took a closer look.
When testing web applications for security flaws, the applications’ handling of different HTTP request methods – also known as verbs – should be considered.Usually, interactions between clients and servers utilize the HTTP methods GET or POST for accessing resources.
During and after my studies of business administration I worked in different areas and companies. Most recently, almost 5 years in the corporate development/strategy of a semiconductor company with a big focus on automotive applications. During my master’s studies, I mainly focused on entrepreneurship, innovation management and digital topics. That’s why I wrote my master thesis about digital business models. Since August this year I’m working as a consultant in the areas of cyber security and digital transformation and to be honest I’ve more questions than answers after the first weeks.
From a high level, cross site scripting (short: XSS) can be described as the embedding of foreign code into a trusted context for execution.
For criminals and fraudsters, personal data of Internet users is always very desirable. In many cases it allows access to credit cards, bank or online accounts.
Phishing, i.e. obtaining other people’s personal data using fake e-mails or websites, is a popular method of doing this. The following is an overview of the most common methods:
What is Clickjacking?
Clickjacking takes place when a fraudster sets up an overlaid website interface and steals clicks on that fake website to then use it on a real site. Users come across these illegal overlays by chance and assume that after filling in a field, clicking a link, or entering their passwords, they’ll get access to what they see in front of them.
In Germany, special regulations apply to operators of critical infrastructures under the Federal Office for Information Security / Bundesamt für Sicherheit in der Informationstechnik (BSI) Act. But who counts as an operator and when are infrastructures classified as critical?
Hard Coded Credentials for Dummies
or
How to not unknowingly, accidently and unconsciously reveal all your passwords and secrets to bad people
Credentials or passwords are the integral part of online and software world. In the simplest example they are the key protecting your “online house” such as Instagram, Facebook, email, etc.
At the beginning of April 2021, information was published that personal data of more than 500 million Facebook users had surfaced in a hacking forum.
How well is my company positioned when it comes to cybersecurity? Are we way ahead of the game or do we have one foot in a major security hole… these are questions that IT managers often ask themselves. New screenings provide some surprising answers.
“We need to take care of our cybersecurity …” Dieser Satz ist in Unternehmen ein häufig gesagter und führt neben zustimmendem Kopfnicken zu einer Art Vogel-Strauß-Haltung This phrase is a common one in organizations…. But where do we start? What is the cost? Along the entire value chain? And who will support us in the process?
Flat is trendy. Flat rates, flat hierarchies, flat iron steaks and even a flat earth, but a flat network? That is a real no-go nowadays and already for a long time. Anyone in the business of enterprise network design knows by that a flat network design is just begging for trouble at many levels and layers.
74% of all cyberattacks are directed against the chemical and pharmaceutical industries most affected by this form of crime – according to a study by the Criminological Research Institute of Niedersachsen.
For more than a year now, more people worldwide have been working from home offices than ever before.
The digitalization of the home has been turbo-charged, but the digital connection to companies has often been more poor than good, primarily in a hurry, so that everyone can continue to work and earn money quickly. But those which cobble together hurriedly open the door to danger from the web.
Security is often not considered in digitization initiatives or in the best case after implementation only, which results in a major loss of efficiency and causes high costs.
In early 2019, hackers secretly broke into Texas-based SolarWind’s systems and added malicious code into the company’s software system. The system, called “Orion,” is widely used by companies to manage critical IT resources.
Rabinstraße 1
53111 Bonn
Phone: +49 228 50431650
info@e2security.de
