OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

This blog covers Cross-Site Scripting (XSS) vulnerability from a different perspective. Generally, XSS is when the application takes user supplied JavaScript and displays it without escaping/encoding. In this blog, we will see how can XSS be exploited even if the application properly escapes/encodes the user inputted JavaScript using different methods. Exploiting XSS in this way can […]

How are work, life and things at SecureLayer7

What we do at SL7? In this blog post, we will see how are work, life and things at SecureLayer7. We are an enthusiastic pack of security consultants and developers. Our work profile involves: Working at customer site or remotely and pen testing web, mobile and infrastructure. Finding and making proof of concept for vulnerabilities. […]

OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass

What is CAPTCHA? CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or not the user is human. Many times, a CAPTCHA is an image. A human has to solve it using the challenge response system. A human can usually read it […]

OWASP Top 10 Details About WebSocket Vulnerabilities and Mitigations

Socket in a Nutshell A socket is an endpoint of a network communication. A socket always comes in 2 parts: An IP address and a port. For example: When you visit www.securelayer7.net, your computer and the website’s computer are communicating using sockets (endpoints). The endpoint of the website will be: www.securelayer7.net:80 and endpoint of your […]

OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation

What is a DOM (Document Object Model)? DOM is a W3C (World Wide Web Consortium) standard. It is a platform independent interface that allows programs and scripts to dynamically access and modify the structure of an document. The document can be HTML, XHTML or XML. Let us apply the above definition practically: Before modifying element using DOM: […]

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have same origin if both have following in common: Scheme (http, https) Host name (google.com, facebook.com, securelayer7.net) Port number (80, 4567, 7777) So, sites http://example.com and http://example.com/settings have same origin. But https://example.com:4657 and http://example.com:8080/settings have different origins. The ‘Same Origin Policy’ restricts how a script […]