Exploits Spy

The newest exploits, code, and pen-testing tools

Firefox developers aim fight web application threats

May 23rd, 2008

Firefox developers are developing new technologies that aim to fight web application vulnerabilities such as Cross-Site Scripting and Cross-Site Request Forgeries.
One feature will need web developers …


More Firefox Addons ownage - POC

May 13th, 2008

My research aim was to explore the capabilities of Firefox extensions just to see what they can or can’t do. I have found out that they are just as …


Google Spanish Headache

May 7th, 2008

I’ve noticed this problem with Google.com redirecting to Spanish since Wednesday, and it seems like they tried to fix it for a few IP ranges. My ISP’s (Road Runner HoldCo LLC) IPs are still being redirected to Spanish. Not sure why Google hasn’t fixed this yet, but I’m not wasting time learning Spanish. The simple fix was to use GooGle.co.uk


Y! Password Reset Redirection Weakness

May 4th, 2008

This is a second find after I first reported [Yahoo Profile Redirection Weakness], which is patched. This same issue can lead to many attacks. The network …


Firefox Addons own ya - Keylogger POC

May 3rd, 2008

This was a project I was meant to carry on last year when I started learning the capabilities of coding in the Gecko environment to create Firefox addons. I was working to create an addon capable of digitally signing documents easily from the web browser interface using certificates. For this post I prepared a proof of concept to demonstrate how powerful …


Security - Thinking out of the box

April 17th, 2008

Being a Security Professional requires constant out-of-box thinking. For those that don’t know: along with being a very old member on HSC, I am the CTO of Security Brigade.
My job these days involves a lot of Penetration Testing, Vulnerability Assessment, Source Code Audits, PCI Compliance, Other Compliances and Regulatory …


Exploiting browsers mental diseases

April 15th, 2008

I was reading an interesting blog post on Billy Rios’s blog about a new Google XSS found in Google spreadsheet. Specifically, that XSS is, in my opinion, to blame more on Internet Explorer, the only browser vulnerable to this XSS, than on Google itself.
The JavaScript injection is caused by Internet Explorer rendering text/plain as active content, that is, HTML. Indeed, Billy just created a link to the spreadsheet in CSV format. The spreadsheet contains a JavaScript snippet […]


I want to be a web app hacker

April 9th, 2008

Oh well, countless times I’ve heard people consider themselves hackers just because they got an SQL error after giving a quote character ” ‘ ” instead of a numeric value in a web application parameter. How they would browse the database content is still mysterious…to them.
 
Web application security has been my first love. I had done some nice research on it too and spent hours and hours playing with HTTP protocols and server-side scripting. And these are […]


Salt hashed passwords for deep thinkers

April 1st, 2008

While auditing Joomla source code, I have had the opportunity to do some thinking on structural security improvements that can be achieved at design-time of a web application, that …


Tactical Exploitation

April 1st, 2008

We all got to see the question “How to hack…” whatever on forums or news groups. This article has the right answer for it …
