Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is The post Surviving the Week 2/1/13 – Ruby on Rails –...
https://manvswebapp.com/surviving-week-21-ruby-rails-json-parser-vulnerability
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The The post Surviving the Week 12/...
Detecting Successful XSS Testing with JS Overrides with ModSecurity The following link demonstrates a proof of concept that uses ModSecurity to add defensive JavaScript to The post Surviving t...
PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment PCI Security Standards Council released guidelines for DSS risk assessment. There are three The post...
Not a Great Week for Password Protection Earlier in the week, we saw Twitter forcing users to change their password due to some password loss. The post Surviving the Week 11/16/12, Not a Grea...
A Couple of Major Hacks This Week – NBC and Coca Cola A number of NBC sites were hacked this week. There is no official news The post Surviving the Week 11/9/12, NBC and Coca Cola hacked this...
We’re a bit late this week on our Surviving the Week post, because we’ve been busy with our recent product launch of NTOSpider 6. During The post Surviving the Week 11/2/12, Ford website ...
Redirect flaw on .gov sites leaves open door for phishers At least 20,000 users have fallen victim to a spam campaign that uses shortened links The post Surviving the Week 10/26/12, XSS repor...
Security Flaw Found in Steam Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system The post Surviving the Week 1...
The Cloud is a Scary Place Security lapses in XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such The post Surviving the Week 10/12/12, The cloud...
Enterprises Struggle With Business Logic Attacks, Survey Finds A new survey emphasizes how business logic attacks can slip under the radar of development teams and The post Surviving the Week...
Passwords of 100k IEEE members lie bare on FTP server IEEE uses Akamai for content delivery. An FTP directory server was discovered which contained log The post Surviving the Week 9/28/12 fir...
2012 HouSecCon, 10/11/2012 (in Houston) HouSecCon is coming up – October 11th in Houston. The agenda is shaping up with a bunch of hot topics The post Surviving the Week 9/21/12 first appe...
Surviving SQL Injection (link to free SQL Injection tool) SQL injection continues to be in the news each week. Despite the fact that it is the most The post Surviving the Week 9/14/12 first appe...
A Number of Exploits Including SQL Injection, XSS, and Authentication Bypass This week, researchers found some remarkable vulnerabilities including Remote code execution, SQL Injection, and T...
XSS: Gaining Access to HttpOnly Cookie Using the method getHeaderField in the Java HTTP API, any applet can access cookies with the HttpOnly flag set. The post Surviving the Week 8/31/12 fir...
Get Off Your AMF and Don’t REST On JSON At “BSides Los Angeles”, I presented on “Get off your AMF and don’t REST on JSON”. The post Surviving the Week 8/24/12 first appeared on M...
Sorry readers, last week’s post was missed due to an overwhelming amount of work both on the professional and personal areas. Thank you for holding The post Surviving the Week 08/17/12 fir...
Web Apps Experience 2,700+ Attacks Per Year In a recent study, Imperva found that the average application can expect attack incidents 120 days per year The post Surviving the Week 8/10/12 fi...
HTML5 Top 10 Attacks Last week at Blackhat, our team member Shreeraj Shah presented on threats against HTML5. The talk discussed the Top 10 Threats The post Surviving the Week 8/3/12 first a...
CodeIgniter 2.1.1 Cross Site Scripting Bypass CodeIgniter is an open source Web Application Framework that helps authors write PHP applications. Version 2.1.1 of CodeIgniter suffers The post ...
Black Hat 2012 Coverage Dark Reading put together a list of interesting talks to headline at Black Hat this year. Check out their preview links. The post Surviving the Week 7/20/2012 first ...
Nvidia developer forums had been hacked, 400,000 user accounts compromised. More games with “Who’s got the biggest bounty?” 400,000 is fairly respectable. Remember back in The post S...
Huge SQL injection knowledge base NTObjectives released a SQL Injection cheat sheet, which can be found at http://www.ntobjectives.com/go/sql-injection-cheat-sheet/. A more comprehensive knowledg...
Code Execution Vulnerability in Microsoft XML Core Services If you are calling “msxml3!_dispatchImpl::InvokeHelper” in your code, make sure to patch it. A vulnerability exists when The ...