The first part of the OWASP Top 10 series on web and mobile applications. It explains how OWASP Top 10 vulnerabilities help hackers cause disruption.
Published research revealed that almost every computer chip manufactured in the last 20 years contains the Spectre and Meltdown vulnerabilities.
Zero-day attackers exploit undisclosed vulnerabilities that are unknown to the application vendor or developer. Detection and patching can take weeks.
SQL injection has been troubling websites for over 17 years. It’s about time you found out what it’s all about and how you can prevent SQL injection.
Automated attacks are: credential stuffing, scraping, application layer DDoS, CAPTCHA bypass, card cracking, credential cracking, cashing out, and carding.
vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks
Banking, ecommerce, and a number of other websites increasingly offer spreadsheet export functionality within their applications to help users download .XLS and .CSV files. But did you know about the risks of CSV injection?
The current ‘automating everything’ approach for application security shouldn’t just be replaced. It should be buried for the greater good.
Badlock is referenced for Microsoft Windows by CVE-2016-0128 / MS16-047 (Windows SAM and LSAD Downgrade Vulnerability) and for Samba by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible).
DROWN allows hackers to decrypt browser-server communication in hours to attack servers and/or users. Shockingly, this newly found vulnerability