Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...

A handful of bugs, mostly XSS and CSRF vulnerabilities, have been plaguing at least eight different Wordpress plugins as of late. A smattering of bugs, mostly cross-site scripting (XSS) and cross-site ...

LinkedIn has patched a number of exploitable vulnerabilities that could have led to phishing attacks, malware infections and the loss of credentials for users of the social network for business ...

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...

In this assignment, we provide an insecure website, and your job is to attack it by exploiting three common classes of vulnerabilities: SQL injection, cross-site request forgery (CSRF), and cross-site ...

Fellow VoIP blogger and multi-skilled polymath Tom Keating picks up on security consultancy GNUCitizen.org's description of a security vulnerability in snom Technology's model 320 VoIP phone.

The high-profile attack that hit the Twitter website early this morning and affected tens to hundreds of thousands of Twitter users serves as a reminder of just how the pervasive but often-dismissed ...

It’s common knowledge that images make webpages, email footers and other similar elements more presentable and attractive. But a simple image containing a malicious link can be a serious threat. For ...

After Cross Site Scripting (XSS), the second most common web application security exploit is probably one you haven’t heard of: Cross Site Request Forgery (or CSRF for short). This little-known but ...

In this assignment, we provide an insecure website, and your job is to attack it by exploiting three common classes of vulnerabilities: SQL injection, cross-site request forgery (CSRF), and cross-site ...