This document aims to analyse and explore data collected from technical assurance engagements during 2016.
Recently, researchers at Trustwave’s SpiderLabs spoke at Black Hat Europe on the dangers of simply reflecting data back to the requesting user as part of an HTTP request/response exchange. When you think about it, this stands to reason; after all, it’s what Cross-site Scripting attacks are born from. What’s interesting is that the new research discussed another way in which this reflection could be exploited.
cspCalculator is a PoC implementation of a dynamic Content Security Policy creator.
This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML 5.