Javascript - Tagged - Security Boulevard

Using the new Plot Javascript Exploratory Visualization Library Sans-Observable

The fine folks over at @ObservableHQ released a new javascript exploratory visualization library called Plot last week with great fanfare. It was primarily designed to be used in Observable notebooks and I ...

Fake npm Packages Found in GitHub Repository

Security researchers discovered four vulnerable npm packages uploaded to GitHub that were capable of collecting the user’s IP address, geolocation and device hardware data. Not all attacks have a high-visibility profile. Some ...

Mitigating NoSQL Injection Attacks: Part 2

This is the second part of a two-part series on NoSQL injections. Last time, we covered the anatomy of a NoSQL injection, as well as how to mitigate it. In this post, ...

Mitigating NoSQL Injection Attacks: Part 1

In this first part of a two-part post series, we’ll reconstruct a NoSQL injection and cover the basics of mitigating it. In the second part, we’ll look at Server-Side JavaScript and Blind ...

92% of the world’s top websites expose customer data to attackers

Tala’s Global Data at Risk: 2020 State of the Web Report indicates that sensitive data like PII and credit card information has never been more at risk - and security effectiveness is ...

An Oxymoron : Static Analysis of a Dynamic Language (Part 5)

Overcoming challenges using Code Property Graphs

From the previous post we explored the idea of applying taint flow analysis upon an untyped and ...

An Oxymoron : Static Analysis of a Dynamic Language (Part 4)

Taint Flow challenges in a world of untyped and async event handling

From the previous post we concluded that type-checking at compile-time can ...

An Oxymoron : Static Analysis of a Dynamic Language (Part 3)

TypeScript to the rescue

From the previous post we concluded that JavaScript contains a number of features that make it a challenge to ...