Tags: xss

Widespread XSS Vulnerabilities in Ad Network Code Affecting Top Tier Publishers, Retailers - Randy Westergren

In a revelation that comes as a shock to absolutely no one, the JavaScript injected by ad networks can be used as a vector for attack.

This industry-wide problem serves as a great example of how 3rd-party components can compromise the security of an otherwise secure site.

One more reason to install an ad blocker.

securityheaders.io

A quick way of testing for some fairly easy-to-fix security leakage from your server’s headers.

I say easy to fix, but I find the fix for public key-pins pant-shittingly intimidating.

Web Security Horror Stories: The Director's Cut at

The slides from Simon's excellent full-length presentation at the head conference. Every web developer needs to be aware of these issues.

Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in. - CA Security Advisor Research Blog - CA

An excellent piece of research that shows how Facebook affiliates' cross-site scripting (Beacon) sends information back to the mothership regardless of whether the user has opted out.