Blog

7 Steps to Avoid Uncoordinated Vulnerability Disclosure

Imagine the following situation. You work as a security manager for a company that owns the website www.example.com. One day, your sales department receives an email from an unknown individual. The sales department forwards it to you. The email has the following content: You example.com/login.php page break Send XSS </script><img/%00/src="worksinchrome:prompt(1)"/%00/onerror=’eval(src)’><img/ src=`~`...

Session Hijacking and Other Session Attacks

Session IDs are a tasty treat for malicious hackers. Once an attacker gets their hands on a session ID, they can get unauthorized access to a web application and fully impersonate a valid user. In general, there are three primary methods to obtain a valid session ID: guessing a valid session ID (session prediction); creating a valid session ID and tricking the user into using it (session fixation); obtaining a valid...

What is fleeceware and why should you care?

Malware. Adware. Ransomware. So many “wares” thrown around these days in the world of cybersecurity. The latest addition to this list is known as ‘fleeceware’. The term was coined by UK cybersecurity firm Sophos in September 2019. This was following the firm’s discovery of a new type of financial fraud on the Google Play Store. Fleeceware refers to situations where app developers manipulate loopholes in the...

Beefing up your security for 2020

It’s the dawn of a new decade. As we look to a year of promise and excitement, it’s probably a good idea to pay a bit more attention to cybersecurity. Most of our modern activities revolve around technology. It makes sense to take security a bit more seriously. So, here’s a list of things you could look to implement to upgrade your security experience in 2020. Passwords. Let’s start with the obvious one...

What are bug bounty programs and why should corporates care about them?

You might have heard of it before and might not be sure what it’s about exactly. But bug bounty programs remain an important and effective part of cybersecurity, particularly for companies. So what is a bug bounty program? How does one help cybersecurity? Here’s what you need to know. The first known bug bounty program was in 1983 by Hunter & Ready. At the time, the program offered a Volkswagen Beetle to anyone who found...