Unvalidated redirects and forwards cannot harm your website or web application directly, but they can harm your reputation by helping attackers lure users to malware sites. If you allow unvalidated redirects and forwards, your website or web application will most probably be used in phishing scams…
Author Archives Tomasz Andrzej Nidecki
What Is Integer Overflow
An integer overflow is a type of arithmetic overflow error that occurs when the result of an integer operation does not fit within the allocated memory space. Instead of causing an error in the program, it usually causes the result to be unexpected. Integer overflows have been…
What Are JSON Injections
The term JSON injection may be used to describe two primary types of security issues: Server-side JSON injection happens when data from an untrusted source is not sanitized by the server and is written directly to a JSON stream. Client-side JSON injection happens when data from…
What Is Session Fixation
Session fixation is a web attack technique. The attacker tricks the user into using a specific session ID. After the user logs in to the web application using the provided session ID, the attacker uses this valid session ID to gain access to the user’s…
What Is Cross-Frame Scripting (XFS)
Cross-Frame Scripting is a web attack technique that exploits specific browser bugs to eavesdrop on the user through JavaScript. This type of attack requires social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor web application…
Mobile App Security – Don’t Forget the APIs!
Every year, more and more consumers use mobile devices to access online services. This means that every service business, not only in B2C but also in B2B services, must cater to the needs of mobile device owners. However, mobile device users prefer…
What Is Privilege Escalation and How It Relates to Web Security
Privilege escalation, in simple words, means getting privileges to access something that should not be accessible. Attackers use various privilege escalation techniques to access unauthorized resources. For web application security, privilege escalation is an important concern because web intrusions are usually only the first stage…
How Does IoT Security Relate to Web Security
Smart devices, which are part of the IoT (Internet of Things) ecosystem, are not only increasingly prevalent in homes. They also find their way into businesses of all sizes, including enterprises. Unfortunately, the cybersecurity of IoT devices leaves a lot to be desired and is…
White paper: The Future Is the Web! How to Keep It Secure?
The web is everywhere, and that is not an exaggeration. More and more application manufacturers are moving from dedicated desktop interfaces to web interfaces. You are probably using a web-based email system. Chances are that you are creating your documents using a web platform. If you develop…