Javascript

Fake npm Packages Found in GitHub Repository

Fake npm Packages Found in GitHub Repository

| | dependencies, GitHub, Industry News, Javascript, npm, typossquatting
Security researchers discovered four vulnerable npm packages uploaded to GitHub that were capable of collecting the user’s IP address, geolocation and device hardware data. Not all attacks have a high-visibility profile. Some ...
HOTforSecurity
Black Friday and Cyber Monday are coming

How Black Friday and Cyber Monday Can Go From a Retailer’s Dream Into a CiSO’s Worst Nightmare

| | 4th-parties scripts, Acountix, Application Security, application security tests, attacks, bitsight, black friday, Blog, CISO, Client’s Side Risks, COVID-19, Credit Card Skimmers, Cyber awareness, cyber monday, CyberGRX, e-commerce risks, e-commerce security, ecom, Form-Jacking, GDPR, gocgle, Insights, IPS, Javascript, JavaScript skimmers, Magecart, Magecart Attacks, online retailers cyber threats, online shopping, Penetration Testing, Pipka, PT, Qualys, security scorecard, Supply Chain Attacks, third-party application security, TPRM, waf, web skimming
The shopping season which begins on Black Friday rolling over to Cyber Monday, is actually one of the most critical times for online retailers. During this period promotions are offered, new products ...
Blog – Reflectiz
Port-scanning

Why and How are Enterprise Companies, Like eBay, Actively Port-scanning End-users’ Computers From Their Websites

| | 127.0.0.1, attacks, Bleeping Computer, Blog, Client & Server, Client-side, Compromised Hosts, EBay, Insights, internal network action, internal network scanning, Javascript, Lloyds Bank, netflix, network scanning, port scan, port scanning, Port Scanning Technical, portscan, portscanning, Server-side, target, TD Bank, technology, Walmart, Web Sockets, Website Security, WebSockets
You might have recently heard that eBay is performing port scanning, while online shoppers are visiting their website. At first glance, it will probably sound a bit strange, as port scanning is ...
Blog – Reflectiz
Mitigating NoSQL Injection Attacks: Part 2

Mitigating NoSQL Injection Attacks: Part 2

| | Application Security, Javascript, NoSQL, security, shiftleft
This is the second part of a two-part series on NoSQL injections. Last time, we covered the anatomy of a NoSQL injection, as well as how to mitigate it. In this post, ...
ShiftLeft Blog - Medium
Mitigating NoSQL Injection Attacks: Part 1

Mitigating NoSQL Injection Attacks: Part 1

| | Application Security, Javascript, NoSQL, security, shiftleft
In this first part of a two-part post series, we’ll reconstruct a NoSQL injection and cover the basics of mitigating it. In the second part, we’ll look at Server-Side JavaScript and Blind ...
ShiftLeft Blog - Medium

92% of the world’s top websites expose customer data to attackers

| | Application Security, AppSec, CCPA, Content Security Policy, Data breaches, Data Privacy, GDPR, Javascript, Javascript Attacks, Magecart, Payment Card Skimming, Web security, XSS
Tala’s Global Data at Risk: 2020 State of the Web Report indicates that sensitive data like PII and credit card information has never been more at risk - and security effectiveness is ...
Tala Blog
An Oxymoron : Static Analysis of a Dynamic Language (Part 5)

An Oxymoron : Static Analysis of a Dynamic Language (Part 5)

| | Javascript
An Oxymoron : Static Analysis of a Dynamic Language (Part 5)Overcoming challenges using Code Property GraphsFrom the previous post we explored the idea of applying taint flow analysis upon an untyped and ...
ShiftLeft Blog - Medium
An Oxymoron : Static Analysis of a Dynamic Language (Part 4)

An Oxymoron : Static Analysis of a Dynamic Language (Part 4)

| | Cybersecurity, Development, DEVOPS, Javascript, nodejs
An Oxymoron : Static Analysis of a Dynamic Language (Part 4)Taint Flow challenges in a world of untyped and async event handlingFrom the previous post we concluded that type-checking at compile-time can ...
ShiftLeft Blog - Medium
An Oxymoron : Static Analysis of a Dynamic Language (Part 3)

An Oxymoron : Static Analysis of a Dynamic Language (Part 3)

| | Cybersecurity, DEVOPS, Javascript, nodejs
An Oxymoron : Static Analysis of a Dynamic Language (Part 3)TypeScript to the rescueFrom the previous post we concluded that JavaScript contains a number of features that makes it a challenge to ...
ShiftLeft Blog - Medium
An Oxymoron : Static Analysis of a Dynamic Language (Part 2)

An Oxymoron : Static Analysis of a Dynamic Language (Part 2)

| | Cybersecurity, DEVOPS, Javascript, nodejs
An Oxymoron : Static Analysis of a Dynamic Language (Part 2)From client side JavaScript to server side NodeJsNow that you have reached here after reading the prior post , lets switch contexts ...
ShiftLeft Blog - Medium
Load more