AppSec Blog: Category - Spot the Vuln

Clickjacking: Help, I Was Framed!

Security researchers discovered and disclosed the Clickjacking attack (also known as a "UI Redress Attack") back in 2008. All major browsers were affected. Flash even had an interesting vulnerability that allowed control of a user's microphone and webcam. Yet, here we are 7 years later still citing this issue on nearly every security assessment of … Continue reading Clickjacking: Help, I Was Framed!

Demystifying Cross-Site Request Forgery

Continuously ranked in the OWASP Top Ten, a large majority of the development community still doesn't understand Cross-Site Request Forgery (CSRF). After years of penetration tests and code reviews, my experiences show that a high percentage of applications, especially new applications, do not have proper CSRF protections in place. This post provides a refresher on … Continue reading Demystifying Cross-Site Request Forgery

The Google Cross-Site Scripting Challenge

If you didn't know already, Google takes its application security seriously, especially when it comes to Cross-Site Scripting. They already have a Vulnerability Rewards Program and XSS Learning Documentation posted on their application security site. A few weeks ago, I saw some chatter on Twitter about a new approach for teaching folks about Cross-Site Scripting: … Continue reading The Google Cross-Site Scripting Challenge

LinkedIn OAuth Open Redirect Disclosure

During a recent mobile security engagement, I discovered an Insecure Redirect vulnerability in the LinkedIn OAuth 1.0 implementation that could allow an attacker to conduct phishing attacks against LinkedIn members. This vulnerability could be used to compromise LinkedIn user accounts, and gather sensitive information from those accounts (e.g. personal information and credit card numbers). The … Continue reading LinkedIn OAuth Open Redirect Disclosure

Spot the Vuln - Boundaries - SQL Injection

Details Affected Software: My Calendar WordPress Plugin Fixed in Version: >1.7.2 Issue Type: SQL Injection Original Code: Found Here Details This week's bug was a subtle mistake in the usage of an escaping routine. It seems the developer understood the dangers of SQL injection and therefore used an escaping routine to sanitize user controlled input … Continue reading Spot the Vuln - Boundaries - SQL Injection