Goodbye XSS Auditor
Chrome's development team has decided to retire the XSS Auditor, its inbuilt Cross-Site Scripting (XSS) filter that aimed to prevent reflected Cross-Site Scripting vulnerabilities in the majority of cases. While this move might surprise many observers, it follows a long list of bypasses, security-related side effects and false positives ...
The Problem of String Concatenation and Format String Vulnerabilities
If JavaScript is your programming language of choice, you probably don't have to worry about string concatenation a lot. Instead, one of the recurring problems you might encounter is having to wait for JavaScript's npm package manager to install all of the required dependencies. If that sounds all too familiar, ...
Pros and Cons of DNS Over HTTPS
DNS, also known as Domain Name System, is the internet-wide service that translates fully qualified hostnames (FQDNs) such as www.netsparker.com into an IP address. It was developed because it's much easier to remember a domain name than an IP address. In 2017, an internet draft to send DNS requests over ...
Server-Side Template Injection Introduction & Example
There are few topics that developers universally agree on. One example that often leads to heated discussions is the choice of the right source code editor. You may be a Vim fanatic, or maybe you prefer the simplicity of Nano or the extensibility of Visual Studio Code. Meanwhile, others argue ...
Type Juggling Authentication Bypass Vulnerability in CMS Made Simple
Have you ever experienced that sinking feeling when you discover that you've run out of one crucial ingredient for a special meal? It might be a single ingredient, but it ruins the whole dish, doesn't it? In the world of web application security, one apparently small slip-up can compromise the ...
Why You Should Never Pass Untrusted Data to Unserialize When Writing PHP Code
In PHP, as in every other programming language you use for web development, developers should avoid writing code that passes user-controlled input to dangerous functions. This is one of the basics of secure programming. Whenever a function has the capability to execute a dangerous action, it should either not receive ...
GDPR Article 32: Security of Data Processing
The EU General Data Protection Regulation (GDPR) is a regulation formulated by the European Union to strengthen and unify data protection for all individuals within the European Union (EU). It covers many subjects, such as Privacy by Design and Data Breaches. One section in particular that applies to all those ...