The 9th item on the OWASP Top 10 is A9 – Insufficient Transport Layer Protection. This is mostly a browser-to-server and server-to-server issue, so it is less about the JavaScript code itself and more about how the application is deployed.
This post describes how OWASP Top 10 – A7: Insecure Cryptographic Storage affects JavaScript applications. This is a wide category that covers far more than one blog post can. I'll try to focus on the aspects that often occur in applications that rely heavily on JavaScript.
The vulnerability known as A5 – Cross-Site Request Forgery (CSRF) has many names, including session riding and one-click attack. It's a blind attack in the sense that the attacker is not directly attacking the application, but rather tricks an already authenticated user's browser into sending the forged request for him. In this article we'll look at what's going on, how to fix it, and also at an attack specific to single-page web applications.
Cross-site scripting – or XSS – is probably one of the most common and one of the most difficult problems to fully mitigate. At first it seems simple, but as output contexts (HTML text, attributes, JavaScript strings, URLs) grow in complexity and the amount of code grows, it gets harder to discover all the different sinks and to escape correctly for each of them.
Injection problems usually occur whenever untrusted user data is concatenated into a static template to build a structured message (typically a query of some kind), so that the data can change the structure of the message instead of merely filling in a value.
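The mechanism described here (data concatenated into a template becomes structure) is the same one behind the XSS post above, only the parser differs. The following added example, which is not code from the original posts, shows it for two contexts: a SQL query string and an HTML fragment. The vulnerable builder and the safer builder are placed side by side, and two small heuristic shape checks (a condition count for SQL, a tag count for HTML; both assumptions of this example, not a real parser) make the structural change visible without a database or a browser.

```javascript
// Added example (not from the original posts): the same injection mechanism
// in two contexts, a SQL query and an HTML fragment. In both, the vulnerable
// builder concatenates user data into a static template, so the data can
// change the structure; the safer builder keeps the data as data.

// --- Context 1: SQL ---------------------------------------------------------

// Vulnerable: user data spliced straight into the query text.
function buildLoginQueryUnsafe(username) {
  return "SELECT * FROM users WHERE name = '" + username + "' AND active = 1";
}

// Safer: a placeholder in the text and the data in a separate parameter
// list, which is what a driver's parameterized-query API consumes. The
// driver never re-parses the parameter, so it cannot become SQL syntax.
function buildLoginQuerySafe(username) {
  return {
    text: "SELECT * FROM users WHERE name = ? AND active = 1",
    params: [username],
  };
}

// Heuristic shape check (hypothetical helper, not a SQL parser): blank out
// string literals, then count top-level conditions joined by AND/OR.
// The template has exactly two conditions; more means the input changed
// the structure of the WHERE clause.
function sqlConditionCount(sql) {
  const stripped = sql.replace(/'(?:[^']|'')*'/g, "''");
  return stripped.split(/\s+(?:AND|OR)\s+/i).length;
}

// --- Context 2: HTML --------------------------------------------------------

// Vulnerable: the same concatenation, now into markup. The browser parses the
// result, so data containing markup becomes structure (a new element).
function renderGreetingUnsafe(name) {
  return "<p>Hello, " + name + "!</p>";
}

// Safer: escape for the HTML *text* context before concatenating. Note that
// this escaper is only correct for that context; an unquoted attribute, a
// JavaScript string or a URL needs its own escaping rules.
function escapeHtmlText(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreetingSafe(name) {
  return "<p>Hello, " + escapeHtmlText(name) + "!</p>";
}

// Heuristic shape check (hypothetical helper): count element tags in the
// fragment. The template contributes exactly two (<p> and </p>); more means
// the input introduced elements of its own.
function htmlTagCount(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// --- Demonstration with constructed inputs ----------------------------------

const sqlPayload = "' OR '1'='1"; // classic tautology payload (constructed)
const htmlPayload = "<img src=x onerror=alert(1)>"; // constructed XSS payload

console.log("benign SQL conditions:", sqlConditionCount(buildLoginQueryUnsafe("alice"))); // 2
console.log("unsafe SQL conditions:", sqlConditionCount(buildLoginQueryUnsafe(sqlPayload))); // 3
console.log("safe SQL conditions:  ", sqlConditionCount(buildLoginQuerySafe(sqlPayload).text)); // 2

console.log("unsafe HTML tags:", htmlTagCount(renderGreetingUnsafe(htmlPayload))); // 3
console.log("safe HTML tags:  ", htmlTagCount(renderGreetingSafe(htmlPayload))); // 2
```

The point of the two shape checks is pedagogical: an injection is not "bad characters in the data" but "data that changes the parse of the surrounding template". That is why the fix in both contexts is to keep the data out of the template's grammar (placeholders for SQL, context-correct escaping for HTML) rather than to filter the input.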
The ZIP specification is somewhat peculiar in that it is maintained by a company, PKWARE, rather than by one of the regular standardization bodies such as the IETF or W3C. The specification has undergone several revisions since its first release in 1989 and is currently at version 6.3.2 (published in 2007). One would think that support [...]