AppSec Blog

Spot the Vuln - Tougher

I survived because I was tougher than anybody else. - Bette Davis Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. … Continue reading Spot the Vuln - Tougher


Spot the Vuln - Price - Cross Site Scripting

Details Affected Software: PunBB Fixed in Version: 2.1 Issue Type: Cross Site Scripting (XSS) Original Code: Found Here Description This week's vulnerability was an XSS bug in PunBB. PunBB was taking an untrusted value directly from the POST parameter ($_POST['prune_sticky']) and echoing the untrusted value directly into the value attribute of a hidden form input … Continue reading Spot the Vuln - Price - Cross Site Scripting


Spot the Vuln - Price

Courage is the price that life exacts for granting peace. - Amelia Earhart Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability … Continue reading Spot the Vuln - Price


UI Spoofing Safari on the iPhone

This is the second in a series of guest posts from security researcher Nitesh Dhanjani. His first post was on Insecure Handling of URL Schemes in Apple's iOS. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Popular web browsers today do not allow … Continue reading UI Spoofing Safari on the iPhone


Exchanging and sharing of assessment results

[Cross posted from SANS ISC] Penetration tests and vulnerability assessments are becoming more common across the whole industry as organizations have found it necessary to prove a certain level of security for their infrastructure and applications. The need to exchange test result information is also increasing substantially. External parties ranging from business partners and clients to regulators may … Continue reading Exchanging and sharing of assessment results