appsec
Screen Caching
Screen Caching is another of those vulnerabilities nobody is paying attention to, and this one is quite important.
As an example, …
Posts
21 articles on application security, vulnerabilities and research
appsec
Understanding CORS and SOP bypass techniques
CORS which stands for Cross-Origin Resource Sharing is a system designed to help ‘bypass’ some of the restrictions …
appsec"
Auth Token in LocalStorage
Getting right to the point: storing a token in LocalStorage is insecure.
It’s getting more and more common to use token …
appsec
Security of the NPM Packages
Javascript (and typescript) is now one of the most used languages in new projects. It has an awesome performance, and Promises …
appsec
Breaking C# SecureString
As discussed previously in Heap Inspection post keeping passwords and other sensitive data in memory may be insecure as they can …
appsec
Reverse Tabnabbing
Reverse Tabnabbing or also known as Unsafe Target Blank is one of the most underrated vulnerability, and this is the one I like …
appsec
Insecure Deserialization in Java
Insecure deserialization got in OWASP top 10 in 2017 as most of web applications written in Java and .net where found vulnerable …
appsec
Weak Random
A lot of developers don’t know that regular Random is a weak random implementation. In fact its quite predictable. A lot of …
appsec
XML External Entities (XXE)
XML and JSON are two formats ruling the web right now.
Although JSON’s adoption is increasing significantly specially with …