Showing 259 results for: Application Security ×

Airachnid: Web Cache Deception Burp Extender

Introduction Cross-Site Request Forgery (CSRF) attacks are well established and understood, having been in the OWASP top ten for ten years. For those of you not so familiar with this vulnerability, it takes place when a user can be coerced...

Exploiting Privilege Escalation in Serv-U by SolarWinds

I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U by SolarWinds. This vulnerability granted me administrative privileges to the Serv-U application, and, allowed for remote...

TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart

Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping cart application. The vulnerabilities affect Zen Cart...

Angler Exploit Kit – Gunning For the Top Spot

They say that with great power comes great responsibility. In the world of websites the more popular your website is the greater your responsibility, and being responsible means, amongst other things, keeping your systems up-to-date. We've recently come across an...

Mom Spies a Hack

Have you ever wondered if all that informal training you do with your friends & family is paying off? When you say things like "use trusted sites" or "don't give your password to anyone" you wonder if they'll remember those...