AppSec Blog

HTTP headers fun

Cross posted from SANS ISC. Not sure if you have seen our latest pet project, HTTP Headers. This is ISC's effort to track HTTP response headers returned by major sites on the Internet. Our main goal at this point is to monitor the use of security-related headers. However, we are collecting all headers in …


Spot the Vuln - Radical

"When you are right, you cannot be too radical; when you are wrong, you cannot be too conservative." - Martin Luther King, Jr. Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real-world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the …


Spot the Vuln - Light - Cross Site Scripting

Details
Affected Software: FreeNAS
Fixed in Version: 0.69.3
Issue Type: Cross Site Scripting (XSS)
Original Code: Found Here

Description
The code sample for this week contained a couple of XSS vulnerabilities. Although not essential for exploitation, it's also interesting to note that this response is within an SVG image. You can see this by examining the …


Five Key Design Decisions That Affect Security in Web Applications

By Krishna Raja and Rohit Sethi (@rksethi). Senior developers and architects often make decisions related to application performance or other areas that have significant ramifications for the security of the application for years to come. Some decisions are obvious: How do we authenticate users? How do we restrict page access to authorized users? Others, however, …


Apple iOS Push Notifications: Security Implications, Abuse Scenarios, and Countermeasures

This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Millions of iOS users and developers have come to rely on Apple's Push Notification Service (APN). In this article, I will briefly introduce details of …