Channel: Insomnia and the Hole in the Universe
Browsing all 12 articles

[Security] OWASP Top 10 for JavaScript

The OWASP Top 10 is a risk-focused list of the ten most critical web application security risks. The background for this series is applications that make heavy use of JavaScript. Typically they will...

[Security] OWASP Top 10 for JavaScript - A1: Injection

In this post I'll describe how OWASP Top 10 - A1 Injection applies to JavaScript-based applications. Injection problems usually occur whenever unsanitized user data is concatenated with a static...

[Security] OWASP Top 10 for JavaScript - A2: Cross Site Scripting - XSS

In this post I'll describe how OWASP Top 10: A2 - Cross-Site Scripting applies to JavaScript-based applications. Cross-Site Scripting - or XSS - is probably one of the most common and one of the most...

[Security] OWASP Top 10 for JavaScript - A3: Broken Authentication and...

In this post I'll describe how OWASP Top 10: A3 - Broken Authentication and Session Management applies to JavaScript-based applications. Problems around broken authentication and session management can...

[Security] OWASP Top 10 for JavaScript - A4: Insecure Direct Object References

How does A4 - Insecure Direct Object References apply to JavaScript? Well, it all depends on how the system was formed, but this is very likely to become a problem in pure JavaScript apps. Read on for an...

[Security] OWASP Top 10 for JavaScript - A5: Cross Site Request Forgery (CSRF)

The vulnerability known as A5 - Cross-Site Request Forgery (CSRF) has many names including session riding and one-click attack. It's a blind attack in the sense that the attacker is not directly...

[Security] OWASP Top 10 for JavaScript - A6: Security Misconfiguration

This post describes how OWASP Top 10 - A6: Security Misconfiguration affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...

[Security] OWASP Top 10 for JavaScript - A7: Insecure Cryptographic Storage

This post describes how OWASP Top 10 - A7: Insecure Cryptographic Storage affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...

[Security] OWASP Top 10 for JavaScript - A9: Insufficient Transport Layer...

The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser-to-server and server-to-server issue. This is the risk rating from OWASP: Threat Agents, Attack...

[Security] OWASP Top 10 for JavaScript - A10: Unvalidated Redirects and Forwards

[Security] Scanning Norway for JavaScript libraries

After working on retire.js I decided to take it for a real test run. I set up a Node script with PhantomJS and scanned the landing page of 150,000 Norwegian domains. These are the results. You will find...

[Security] Scanning Fortune 500 for JavaScript libraries with known...

After scanning Norway and the Alexa Top 100,000, I decided to scan the Fortune 500 companies. In summary, 385 (77%) of the 500 are using JavaScript libraries with known vulnerabilities. Which means they...
