BEAST stands for Browser Exploit Against SSL/TLS. It is an attack against network vulnerabilities in TLS 1.0 and older SSL protocols. The attack was first performed in 2011 by security researchers Thai Duong and Juliano Rizzo but the theoretical vulnerability was discovered in 2002 by…
Author Archives Tomasz Andrzej Nidecki
Even the Mightiest Fall: An SQL Injection in Sophos XG Firewall
Do you really think you are safe from web vulnerabilities or that they are just minor problems? A few days ago Sophos, one of the world’s most renowned security companies, found an SQL Injection in their product. What is worse, they found the vulnerability because…
NoSQL Injections and How to Avoid Them
A NoSQL injection vulnerability is an error in a web application that uses a NoSQL database. This web application security issue lets a malicious party bypass authentication, extract data, modify data, or even gain complete control over the application. NoSQL injection attacks are the result…
How to Defend against Black Hat Hackers during the COVID-19 Pandemic
The SARS-CoV-2 coronavirus outbreak and the COVID-19 illness are instrumental for cybercriminals. Both businesses and private users are a major cyberattack target due to chaos and panic that surrounds the coronavirus pandemic. Here is what we believe that organizations should do to maintain a high…
What Are Insecure Direct Object References
Insecure direct object references (IDOR) are a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. For example, an IDOR vulnerability would happen if the…
Session Hijacking and Other Session Attacks
Session IDs are a tasty treat for malicious hackers. Once an attacker gets their hands on a session ID, they can get unauthorized access to a web application and fully impersonate a valid user. In general, there are three primary methods to obtain a valid…
What Are HTML Injections
HTML injections (HyperText Markup Language injections) are vulnerabilities that are very similar to Cross-site Scripting (XSS). The delivery mechanisms are exactly the same but the injected content is pure HTML tags, not a script like in the case of XSS. HTML injections are less dangerous…
XSS Filter Evasion Basics
The two primary methods of avoiding Cross-site Scripting (XSS) vulnerabilities are XSS filtering and XSS escaping. However, XSS filtering is not recommended because it can usually be evaded using clever tricks. Here are some of the methods that an attacker can employ in their malicious…
What Is Cookie Poisoning
The term cookie poisoning is used in different contexts to describe attacks that aim to manipulate, intercept, or forge the content of HTTP cookies. Cookie poisoning attacks are different types of attacks that can affect both the client-side application, data transmission, or the web server….