Security Flaw in CoCalc: One Click and Your Cloud is Ruined

TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click ...

Understanding the Zimbra Cross-Site Scripting Flaw (CVE-2023-37580)

The Zimbra XSS vulnerability allows an attacker to impact the confidentiality and integrity of the user's data. Understand how to find & fix this flaw. ...

Execution of Arbitrary JavaScript in Android Application

In this blog, we will learn about the possible ways to find cross-site scripting by abusing JavaScript in Android applications. Cross-site scripting (XSS) in an Android application occurs when an attacker successfully ...

What is Cross-Site Scripting (XSS)? Types of XSS, Examples, and Patching Best Practices

Cross-Site Scripting (XSS) is a security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users, usually in a script. ...

Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header

During a recent Chariot customer pilot, we identified an interesting method to bypass the cross-site scripting (XSS) filtering functionality within the Akamai Web Application Firewall (WAF) solution. Chariot had identified a Carriage ...

Out with the WAF, in with the WAAP

Advanced attacks call for advanced protection. Bad actors are constantly discovering new attack vectors to exploit applications. To meet the threat, organizations need enterprise-level security more now than ever. Traditionally, implementing a ...

Why a Resilient Content Delivery Network (CDN) is Key to Website Performance

Today’s online users have built up certain standards of quality when visiting a website. They expect a high-performance website with fast page load times and easily accessible, fresh and dynamic content. They ...

How to Support Agile Development Through Cybersecurity Best Practices

Understanding other people’s problems. It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development ...

API Gateway or not, You Need API Security

To build and deploy apps in a fast-paced, iterative process, cloud-native developers in organizations on the digital transformation journey rely on APIs for communication. With at least 90% of developers using APIs ...

Your inbox is mine. How attackers could gain continuous access to your email

Although new messaging apps like WhatsApp, Telegram, and Messenger have taken a large chunk of our day-to-day communications, email remains one of the most popular ways we communicate. In this ...