Article published: Webprogrammer’s Hacking Guide
I have posted the article Webprogrammer’s Hacking Guide on PHPFreakz.nl. This article is intended for web programmers who want to program securely or are concerned about the security of their...
PHP: htmlEntities() and Cross Site Scripting
When printing user input in an attribute of an HTML tag, the default configuration of htmlEntities() doesn’t protect you against Cross Site Scripting (XSS), when using single quotes to define the...
Cross-site scripting in millions of web sites
In August 2014 I found a severe cross-site scripting security vulnerability in the latest version (1.13.0) of the ‘jQuery Validation Plugin’ during a security penetration test for a customer. This...
Mitigations against critical universal cross-site scripting vulnerability in...
This week David Leo disclosed a critical universal cross-site scripting vulnerability in fully patched Microsoft Internet Explorer 10 and 11 (from now on called the UXSS leak). He notified Microsoft on...