Web Application Security

Security Header – Ignored X-Frame Options

What is Clickjacking? Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. For example, imagine an attacker who builds a web site

December 10th, 2018 | custom blog, Web Application Security

Security Header: Why X-XSS Protection is important

What is X XSS protection? The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It’s usually enabled by default anyway, so the role

December 10th, 2018 | custom blog, Web Application Security

WebRTC – Future is Here

What is WebRTC? WebRTC (Web Real Time Communication) is an Application Programming Interface (API) developed by the W3C that is still under development and being standardized by the RTCWEB IETF group. Its main goal is to allow peer-to-peer communication between web browsers. This communication can be used to transfer multiple types of data: files, video

December 10th, 2018 | custom blog, Linux, Web Application Security

SambaCry Vulnerability – Remote Code Execution Vulnerability in Linux

A seven-year-old remote code execution vulnerability that is affecting Samba versions 3.5.0 and higher is making news this week. The vulnerability is billed as the WannaCry equivalent for *nix operating systems, and some are even calling it SambaCry since it affects the SMB protocol implementation and is potentially wormable – which can cause it to

December 10th, 2018 | custom blog, Linux, Web Application Security

VLC Vulnerability – Tampered Subtitles can give complete control of the system remotely

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution. Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found

December 10th, 2018 | custom blog, Web Application Security

How WannaCry did the damage

WannaCry is the ransomware computer worm that targets computers running Microsoft Windows. Initially, the worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. It installs DoublePulsar, a backdoor implant tool, which then transfers and runs the WannaCry ransomware package. It

December 10th, 2018 | custom blog, Web Application Security

MongoDB Databases – Targeted by Cyber-criminals for Ransom

In December 2016, attackers were exploiting misconfigured open-source MongoDB databases and holding them for ransom. The ransomware attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on Dec. 27, 2016, and have been steadily growing ever since, with at least five different groups of hackers taking

December 10th, 2018 | custom blog, Web Application Security

16-year-old high school student from Melbourne hacked Apple’s Servers

A 16-year-old high school student from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts. The student told the authorities that he hacked Apple because he was a huge

December 10th, 2018 | custom blog, Technology, Web Application Security

General Data Protection Regulation (GDPR) and Web Application Security

GDPR in Short: Any company either based in the EU or which deals with any data involving EU citizens or organizations is required to comply. Under the GDPR, personal data includes anything that might identify an EU citizen, including IP addresses and cookie IDs. Companies will now need to report incidents that could risk customer

December 10th, 2018 | custom blog, Web Application Security
