Posts

Stored XSS

WHAT IS STORED XSS? Stored cross-site scripting (XSS) is a type of attack where an attacker injects a malicious script into a web application and the application saves it. When a victim visits the page, the browser executes the malicious script. Stored XSS is also known as persistent or second-order XSS.

HOW DOES STORED XSS WORK?
1. An attacker finds a vulnerability in a web application.
2. The attacker injects malicious code into the application, often through a user input field like a comment section.
3. The application saves the malicious code in a database or other location.
4. When a victim visits the infected page, the malicious code is sent to their browser.
5. The victim's browser executes the malicious code, which can steal the victim's session information or other data.

MITIGATION FOR STORED XSS?
1. Validate user input: Check that user input matches what the system expects. For example, you can limit the characters allowed for a phone number.
2....

NETSPARKER: A WEB SCANNER

NETSPARKER: WHAT IS IT? WHAT IS THE NETSPARKER TOOL USED FOR? Netsparker is a web application security scanner that identifies vulnerabilities in websites, web applications, and web services. Netsparker automatically scans custom web applications for Cross-Site Scripting (XSS), SQL Injection, and other types of vulnerabilities. Netsparker can scan all types of web apps, independent of the platform or language in which they are coded. It is now known as INVICTI.

HOW IT WORKS: Netsparker uses automated scans to simulate external attacks on a web application. It can scan for vulnerabilities like SQL injection (SQLi) and cross-site scripting (XSS).
1. IDENTIFY ATTACK SURFACE: Netsparker visits every link in a web page and makes requests to all input points.
2. FIND VULNERABILITY: Netsparker uses Proof-Based Scanning technology to identify vulnerabilities like SQL injection and cross-site scripting (XSS).
3. PRODUCE PROOF OF EXPLOIT: Netsp...

Mastering the Next ISO Audit: Key Tips for a Smooth Experience

In this blog, we'll break down the process, step by step, to help you feel ready and confident going into an ISO audit. An ISO audit checks if your organization is following the rules of a specific ISO standard, like:
1. ISO 9001: Focuses on quality management.
2. ISO 27001: Deals with information security.
3. ISO 14001: Covers environmental management.

There are two main types of audits:
1. Internal Audit: Done by your own team to check if everything is in order.
2. External Audit: Performed by an outside expert to confirm your compliance and award certifications.

How to prepare for an ISO Audit? Getting ready for an ISO audit is all about being organized. Here's what you can do:
1. Do a Self-Check: Compare your current processes with the ISO standard's requirements. This is called a gap analysis.
2. Update Your Documents: Make sure all policies, procedures, and records are up-to-date and easy to find.
3. Train Your Team: Everyone should know what their r...