AppSec Blog

Top 25 Series - Rank 23 - Open Redirect

Open redirect (CWE-601) allows a phishing attack to be more effective. Redirection is commonly used within all web applications for various purposes. From the login page, it is a common practice to redirect the user to another page once the user logs in. Sometimes the user goes directly to a content page and is redirected to …


Top 25 Series - Rank 21 - Incorrect Permission Assignment for Critical Response

Incorrect Permission Assignment for Critical Response (CWE-732) is a complicated name for a problem that is easy to understand. If you don't go out of your way to take a few steps to secure your resources, they are probably not secured by default. Often enough in development, the responsibility to secure resources and components of …


Social Zombies: Your Friends Want to Eat your Brains Webcast

Kevin Johnson will be giving a cool webcast called "Social Zombies" where he "explores the various concerns related to malware delivery through social network sites. Ignoring the FUD and confusion being sowed today, this presentation will examine the risks and then present tools that can be used to exploit these issues. We discuss how social …


Top 25 Series - Rank 22 - Allocation of Resources Without Limits or Throttling

A number of years ago I was conducting a black box test of a fairly large web application. As part of this testing I used an automated script to send malicious inputs to a number of forms on the site in question. I sent a lot of requests. Turned out that, under the covers, the …


Top 25 Series - Rank 18 - Incorrect Calculation of Buffer Size

Incorrect Calculation of Buffer Size (CWE-131) is another shameful member of the buffer overflow family. A buffer overflow is generally caused by copying or moving a piece of data into a smaller memory location, thereby overwriting important data in memory and corrupting the program's execution path. The most basic case of buffer …