I apologize ahead of time if I start to ramble through this post.  Script injections are major vulnerability in web applications due to the variety of attacks that can result from one injection point and there’s a lot we can talk about.  If we take a look at the Verizon Data Breach Investigation Report, we […]

When it comes to cross-site scripting, we want to find those script injection points that are frequently overlooked.  A common source of stored cross-site scripting vulnerabilities is the file upload.  Not only can we store a script in the application, but this script may be downloaded by other users.  When we first explorer our application, […]

As information security analysts, cross-site scripting usually means an alert box with some arbitrary number being shown on the screen.  But the risk involved with these attacks is far more serious than an annoying little pop up.  In 2009, Twitter became the victim of a cross-site scripting worm that exploited a stored cross-site scripting vulnerability. […]