H. Valters
Ethical Penetration tester / DevSecOps / IT Solution Developer / System administrator
Category Archives: Cyber Security
Stored XSS
In this section, we’ll explain stored cross-site scripting, describe the impact of stored XSS attacks, and spell out how to find stored XSS vulnerabilities. What is stored cross-site scripting? Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its…
XSS vs CSRF
In this section, we’ll explain the differences between XSS and CSRF, and discuss whether CSRF tokens can help to prevent XSS attacks. What is the difference between XSS and CSRF? Cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user. Cross-site request forgery (or CSRF) allows an attacker to induce a…
CSRF tokens
In this section, we’ll explain what CSRF tokens are, how they protect against CSRF attacks, and how CSRF tokens should be generated and validated. What are CSRF tokens? A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is…
Defending against CSRF with SameSite cookies
Some websites defend against CSRF attacks using SameSite cookies. The SameSite attribute can be used to control whether and how cookies are submitted in cross-site requests. By setting the attribute on session cookies, an application can prevent the default browser behavior of automatically adding cookies to requests regardless of where they originate. The SameSite attribute is added to the Set-Cookie response…
Cross-site request forgery (CSRF)
In this section, we’ll explain what cross-site request forgery is, describe some examples of common CSRF vulnerabilities, and explain how to prevent CSRF attacks. What is CSRF? Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to…
Controlling the web-message source
In this section, we’ll look at how web messages can be used as a source to exploit DOM-based vulnerabilities on the recipient page. We’ll also describe how such an attack is constructed, including how common origin-verification techniques can often be bypassed. If a page handles incoming web messages in an unsafe way, for example, by not verifying…
DOM-based Ajax request-header manipulation
In this section, we’ll look at what DOM-based Ajax request-header manipulation is, talk about the potential impact of this kind of attack, and suggest ways to reduce your exposure to Ajax request-header manipulation vulnerabilities. What is DOM-based Ajax request-header manipulation? Using Ajax enables a website to make asynchronous requests to the server so that web…
DOM clobbering
In this section, we will describe what DOM clobbering is, demonstrate how you can exploit DOM vulnerabilities using clobbering techniques, and suggest ways you can reduce your exposure to DOM clobbering attacks. What is DOM clobbering? DOM clobbering is a technique in which you inject HTML into a page to manipulate the DOM and ultimately…
DOM-based denial of service
In this section, we’ll describe DOM-based denial-of-service vulnerabilities, look at which sinks can lead to this kind of vulnerability, and discuss ways to reduce your exposure to DOM-based DOS attacks. What is DOM-based denial of service? DOM-based denial-of-service vulnerabilities arise when a script passes attacker-controllable data in an unsafe way to a problematic platform API,…
DOM-data manipulation
In this section, we’ll look at what DOM-data manipulation is, discuss the potential impact of this kind of attack, and look at ways to reduce your exposure to DOM-data manipulation vulnerabilities. What is DOM-data manipulation? DOM-data manipulation vulnerabilities arise when a script writes attacker-controllable data to a field within the DOM that is used within…