Weather Forecast for April — It’s Raining Security Pros
As you are planning out your spring calendar, make sure an April visit to San Francisco is on it. Anchored by RSA Conference 2018, San Francisco will become a center of US security life for a week. The week will start with some training events and, of course, BSides San Francisco. BSides is a...
api.intagent.com XSS vulnerability
Open Bug Bounty ID: OBB-568126

| Description | Value |
|---|---|
| Affected Website: | api.intagent.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
api.har.com XSS vulnerability
Open Bug Bounty ID: OBB-567833

| Description | Value |
|---|---|
| Affected Website: | api.har.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
tsw.hk.forexprostools.com XSS vulnerability
Open Bug Bounty ID: OBB-567044

| Description | Value |
|---|---|
| Affected Website: | tsw.hk.forexprostools.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard: | Coordinated... |
Survey: APIs a Growing Cybersecurity Risk
Like a lot of people, your mobile phone number is probably easily accessible to anyone with a bit of searching. Imagine if someone could take this number and your name and gain access to your mobile phone account including billing, email address and phone IMSI. Or maybe someone hacked into one of...
OWASP Top 10 2017 is Released
The Journey to the New and Improved Ten Most Critical Web Application Security Risks It was not too long ago that protecting your web server infrastructure consisted of simply placing the servers in their own zone behind the firewall and just opening a couple of ports. Outside of endpoint...
Security Strategies for DevOps, APIs, Containers and Microservices
More and more IT professionals see DevSecOps, a practice that integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...
regworld.com XSS vulnerability
Open Bug Bounty ID: OBB-525386

| Description | Value |
|---|---|
| Affected Website: | regworld.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Wallarm Joins NVIDIA AI Virtual Accelerator
We are thrilled to announce that Wallarm has joined the NVIDIA Inception program, which is designed to nurture startups revolutionizing industries with advancements in AI and data sciences. NVIDIA’s Inception program is a virtual accelerator that helps startups during critical stages of product...
CVE-2015-8008
CVE-2015-8008 relates to the MediaWiki OAuth extension. The description states that it improperly negotiates a new client token only over Special:OAuth/initiate, enabling attackers to bypass IP address access restrictions by making an API request with an existing token. The provided data does not...
CVE-2017-15103
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation...
students.tts.edu.sg XSS vulnerability
Open Bug Bounty ID: OBB-454296

| Description | Value |
|---|---|
| Affected Website: | students.tts.edu.sg |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Che... |
REST API - Improved HTTP Authentication
Suggestion Description: The Confluence Server REST API (https://developer.atlassian.com/confdev/confluence-server-rest-api) is a simple resource that helps administrators perform operations that would otherwise take some time out of their day-to-day activities in a couple of seconds instead of a couple of minutes. I...
Six Ways to Secure APIs
API usage in application development has become the trend of the year. Adoption of microservices and serverless architectures has only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in the next couple ...
Infogram: Bruteforcing Coupons
Hi, while I was fuzzing for API endpoints I found this endpoint: https://infogram.com/api/discounts. The first thing that came to my mind was bruteforcing the coupon codes, so I gave it a try and it worked! There's no rate limit on that endpoint, so an attacker could use it to bruteforce the coupon cod...
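The report above hinges on one missing control: a coupon-lookup endpoint that answers every guess at full speed. The block below is an added example, not code from the report or from Infogram, showing what a per-client sliding-window limit does to the same brute-force loop. The coupon codes, client address, limit and window are constructed values chosen for the illustration; the `check_discount` function stands in for the real endpoint.

```python
import hmac
from collections import deque
from typing import Deque, Dict, Iterable, Optional, Tuple

# Constructed sample data for the example; not real coupon codes.
VALID_COUPONS = {"SPRING25", "WELCOME10"}


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key
    (a client IP, an account id, or a combination of both)."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, key: str, now: float) -> bool:
        q = self._hits.setdefault(key, deque())
        # Forget timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def coupon_valid(code: str) -> bool:
    # Constant-time comparison per candidate so response timing does not
    # leak how many leading characters of a guess were correct.
    return any(hmac.compare_digest(code.encode(), c.encode()) for c in VALID_COUPONS)


def check_discount(code: str, client: str,
                   limiter: Optional[SlidingWindowLimiter], now: float) -> str:
    """Stand-in for the endpoint. Returns 'ok', 'invalid' or 'rate_limited'.
    With limiter=None it behaves like the unprotected endpoint in the report."""
    if limiter is not None and not limiter.allow(client, now):
        return "rate_limited"
    return "ok" if coupon_valid(code) else "invalid"


def brute_force(guesses: Iterable[str], client: str,
                limiter: Optional[SlidingWindowLimiter],
                start: float = 0.0, interval: float = 0.01) -> Tuple[int, int, int]:
    """Simulate an attacker submitting each guess `interval` seconds apart.
    Returns (valid codes found, guesses actually evaluated, guesses rejected)."""
    hits, served, limited = 0, 0, 0
    now = start
    for guess in guesses:
        result = check_discount(guess, client, limiter, now)
        if result == "rate_limited":
            limited += 1
        else:
            served += 1
            if result == "ok":
                hits += 1
        now += interval
    return hits, served, limited


if __name__ == "__main__":
    guesses = [f"SPRING{n:02d}" for n in range(100)]  # constructed guess list
    print("no limiter:", brute_force(guesses, "203.0.113.7", None))
    print("5 per minute:", brute_force(guesses, "203.0.113.7",
                                       SlidingWindowLimiter(limit=5, window=60.0)))
```

Keying the limiter on the client address alone is easy to spread across many source IPs; in practice the key is usually the account plus the address, and a per-coupon failure counter or lockout is added so that a distributed guesser still runs out of attempts per code.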
CVE-2017-1148
The CVE-2017-1148 entry applies to IBM OpenPages GRC Platform versions 7.2–7.3 with the OpenPages Loss Event Entry (LEE) application. The root cause is described as insecure object reference leading to information disclosure of sensitive data, including private APIs, which could be leveraged for ...
vpgame.com XSS vulnerability
Open Bug Bounty ID: OBB-382411

| Description | Value |
|---|---|
| Affected Website: | vpgame.com |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Cheat Sheet |
| Vulnerable URL: | ... |
api.modernweekly.com XSS vulnerability
Open Bug Bounty ID: OBB-363653

| Description | Value |
|---|---|
| Affected Website: | api.modernweekly.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention... |
CVE-2017-1000093
Summary: CVE-2017-1000093 pertains to the Jenkins Poll SCM Plugin, which failed to require API requests to be sent via POST, exposing it to Cross-Site Request Forgery attacks. This could allow an attacker to initiate polling of projects with a known name. The issue undermines the plugin’s permiss...
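The root cause in the CVE-2017-1000093 summary is a state-changing endpoint that accepts any HTTP method, so a victim's browser can be made to trigger it with a plain GET (an image tag or a link on an attacker's page is enough). The block below is an added example written for this listing; it is not Jenkins or Poll SCM Plugin code and does not use the Jenkins crumb mechanism. It places the permissive handler next to one that requires POST and a session-bound CSRF token. The `Request` shape, the `/job/<name>/polling` path, the server key and the session ids are constructed for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed server secret for the example; a real service loads this
# from its secret store and rotates it.
SERVER_KEY = b"example-server-key-not-for-production"


@dataclass
class Request:
    method: str
    path: str
    session_id: str                          # assumed to come from a session cookie
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def job_name(path: str) -> str:
    """'/job/<name>/polling' -> '<name>', or '' if the path is not a polling URL."""
    parts = path.split("/")
    if len(parts) == 4 and parts[1] == "job" and parts[3] == "polling" and parts[2]:
        return parts[2]
    return ""


def issue_csrf_token(session_id: str) -> str:
    """Token derived from the session, so a token harvested from the attacker's
    own session is useless against a victim's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_poll_unsafe(req: Request, polled: List[str]) -> int:
    """Vulnerable pattern: acts on any method. A cross-site GET fired by the
    victim's browser starts polling of a project whose name the attacker knows."""
    name = job_name(req.path)
    if not name:
        return 404
    polled.append(name)
    return 200


def handle_poll_safe(req: Request, polled: List[str]) -> int:
    """Hardened pattern: POST only, plus a CSRF token bound to the caller's
    session, compared in constant time."""
    name = job_name(req.path)
    if not name:
        return 404
    if req.method != "POST":
        return 405                            # GET from an <img>/<a> stops here
    token = req.form.get("csrf_token") or req.headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, issue_csrf_token(req.session_id)):
        return 403                            # cross-origin POST has no valid token
    polled.append(name)
    return 200


if __name__ == "__main__":
    polled: List[str] = []
    cross_site_get = Request("GET", "/job/build-site/polling", "victim-session")
    print("unsafe handler on cross-site GET:", handle_poll_unsafe(cross_site_get, polled), polled)
    polled.clear()
    print("safe handler on cross-site GET:", handle_poll_safe(cross_site_get, polled), polled)
```

Requiring POST alone only closes the GET vector; an attacker can still auto-submit a cross-origin form, which is why the token check is what actually ties the action to a request the legitimate page generated.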