This blog is about a technique used by attackers to perform phishing attack by using the Tabnabbing. Although, this was technique was invented long time ago, but there are very few articles on this. Hence, I thought to write something on this topic. What is tabnabbing?p Tabnabbing is a client side attack web based attack. […]
Author: Saurabh Banawar
OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports
This blog covers Cross-Site Scripting (XSS) vulnerability from a different perspective. Generally, XSS is when the application takes user supplied JavaScript and displays it without escaping/encoding. In this blog, we will see how can XSS be exploited even if the application properly escapes/encodes the user inputted JavaScript using different methods. Exploiting XSS in this way can […]
How are work, life and things at SecureLayer7
What we do at SL7? Look at SecureLayer7 Review In this blog post, we will see how are work, life and things at SecureLayer7. We are an enthusiastic pack of security consultants and developers. Our work profile involves: Working at the customer site or remotely and pen testing web, mobile and infrastructure. Finding and making […]
OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass
What is CAPTCHA? CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or not the user is human. Many times, a CAPTCHA is an image. A human has to solve it using the challenge response system. A human can usually read it […]
OWASP Top 10 Details About WebSocket Vulnerabilities and Mitigations
Socket in a Nutshell A socket is an endpoint of a network communication. A socket always comes in 2 parts: An IP address and a port. For example: When you visit www.securelayer7.net, your computer and the website’s computer are communicating using sockets (endpoints). The endpoint of the website will be: www.securelayer7.net:80 and endpoint of your […]
OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation
What is a DOM (Document Object Model)? DOM is a W3C (World Wide Web Consortium) standard. It is a platform independent interface that allows programs and scripts to dynamically access and modify the structure of an document. The document can be HTML, XHTML or XML. Let us apply the above definition practically: Before modifying element using DOM: […]
OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch
What is the meaning of an origin? Two websites are said to have same origin if both have following in common: Scheme (http, https) Host name (google.com, facebook.com, securelayer7.net) Port number (80, 4567, 7777) So, sites http://example.com and http://example.com/settings have same origin. But https://example.com:4657 and http://example.com:8080/settings have different origins. The ‘Same Origin Policy’ restricts how a script […]