Recently, we discovered a cross-site scripting vulnerability during a penetration test, which was only made possible using a third-party plugin. What was surprising: the vulnerability seemed to occur only when the website used a specific language. As a result, we took a closer look.
When testing web applications for security flaws, the applications’ handling of different HTTP request methods – also known as verbs – should be considered.Usually, interactions between clients and servers utilize the HTTP methods GET or POST for accessing resources.
From a high level, cross site scripting (short: XSS) can be described as the embedding of foreign code into a trusted context for execution.
For criminals and fraudsters, personal data of Internet users is always very desirable. In many cases it allows access to credit cards, bank or online accounts.
Phishing, i.e. obtaining other people’s personal data using fake e-mails or websites, is a popular method of doing this. The following is an overview of the most common methods:
What is Clickjacking?
Clickjacking takes place when a fraudster sets up an overlaid website interface and steals clicks on that fake website to then use it on a real site. Users come across these illegal overlays by chance and assume that after filling in a field, clicking a link, or entering their passwords, they’ll get access to what they see in front of them.
Hard Coded Credentials for Dummies
or
How to not unknowingly, accidently and unconsciously reveal all your passwords and secrets to bad people
Credentials or passwords are the integral part of online and software world. In the simplest example they are the key protecting your “online house” such as Instagram, Facebook, email, etc.
At the beginning of April 2021, information was published that personal data of more than 500 million Facebook users had surfaced in a hacking forum.
How well is my company positioned when it comes to cybersecurity? Are we way ahead of the game or do we have one foot in a major security hole… these are questions that IT managers often ask themselves. New screenings provide some surprising answers.
„We need to take care of our cybersecurity …“ This phrase is a common one in organizations…. But where do we start? What is the cost? Along the entire value chain? And who will support us in the process?
For more than a year now, more people worldwide have been working from home offices than ever before.
The digitalization of the home has been turbo-charged, but the digital connection to companies has often been more poor than good, primarily in a hurry, so that everyone can continue to work and earn money quickly. But those which cobble together hurriedly open the door to danger from the web.
Security is often not considered in digitization initiatives or in the best case after implementation only, which results in a major loss of efficiency and causes high costs.
In early 2019, hackers secretly broke into Texas-based SolarWind’s systems and added malicious code into the company’s software system. The system, called „Orion,“ is widely used by companies to manage critical IT resources.
Rabinstraße 1
53111 Bonn
Phone: +49 228 50431650
info@e2security.de
