AppSec Blog: Category - Top25

Top 25 Series - Rank 19 - Missing Authentication for Critical Function

One of the most blatant examples I've seen of weak or missing authentication occurred with the online dating site SpeedDate.com. For a brief period of time, passwords were not even required to log in to the application [1]. All you needed was the user id and a blank password and you would be signed on …


Top 25 series - Rank 1 - Cross Site Scripting

It is my honor to kick off with the first programming error on the Top 25 list. Ranked number 1 on the list is the Cross Site Scripting issue. Cross Site Scripting, like many other Web security problems, is caused by simple flaws related to user input, but the potential attack scenarios can be diverse and the …