To information security analysts, cross-site scripting usually means an alert box displaying some arbitrary number on the screen. But the risk these attacks carry is far more serious than an annoying little pop-up. In 2009, Twitter became the victim of a cross-site scripting worm that exploited a stored cross-site scripting vulnerability. […]

Direct Access and Completely Unprotected Functionality

In many cases of broken access controls, sensitive functionality and resources can be accessed by anyone who knows the relevant URL. Some applications "enforce" access controls simply by not displaying the link or button that leads to the resource, while the resource itself remains reachable by direct request. To effectively scan for these weaknesses, first open an […]