15 matches found
The vulnerability of the AngularJS JavaScript framework for developing single-page applications relates to incomplete filtering of special elements, allowing attackers to perform cross-site scripting attacks.
The vulnerability of the AngularJS JavaScript framework for developing single-page applications is related to incomplete filtering of special elements. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
This Week in Spring - February 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring wherein we explore the latest-and-greatest in the wonderful world of Springdom. This week's going to be a very good one, so let's dive right into it! good news everyone! Spring Boot's been updated! 3.3.0-M2, 3.2.3, and 3.1.9 a...
The vulnerability of the $resource service in the Angular application and single-page application development platforms, related to the use of a regular expression with inefficient computational complexity, allows attackers to trigger service failures.
The vulnerability of the application development environment and the Angular single-page application platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures...
Xcrawl3R - A CLI Utility To Recursively Crawl Webpages
xcrawl3r is a command-line interface CLI utility to recursively crawl webpages i.e systematically browse webpages' URLs and follow links to discover linked webpages' URLs. Features Recursively crawls webpages for URLs. Parses URLs from files .js, .json, .xml, .csv, .txt & .map. Parses URLs from...
Burp-Dom-Scanner - Burp Suite's Extension To Scan And Crawl Single Page Applications
It's a Burp Suite's extension to allow for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based XSS. It can also collect all the requests XHR, fetch, websockets, etc issued during the crawling allowing them to be forwarded to...
Authcov - Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...
DOMDig - DOM XSS Scanner For Single Page Applications
DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...
What is Cross Site Request Forgery CSRF | Example and Methods of protection
Organizations aspiring for all-around resource security against the damage-causing cyber vulnerabilities must upgrade their knowledge and get acquainted with all the existing types. CSRF is what is covered sizably in the post. What is CSRF Attack? A counterpart of XSS, CSRF is one of the multiple...
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the...
Providing Security and Acceleration of Single Page Applications
HTTP/2 + gRPC and protobuf Today many digital transformation and DevOps teams have been tasked with building applications that will enhance their customer’s digital experience. The goal, to make the user experience smoother, faster and less impeded by transactional and security controls, is a cor...
Serve Information Disclosure Vulnerability
serve is an HTTP server for deploying single page applications. A security vulnerability exists in serve, which stems from the program not handling URL encoding correctly. The vulnerability can be exploited to disclose information via directory listings...
angular-http-server path traversal vulnerability
angular-http-server is an HTTP server for deploying single page applications. A path traversal vulnerability exists in angular-http-server, which stems from the program's lack of checksums on possibleFilename. An attacker can exploit this vulnerability to read the contents of an arbitrary file wi...
sspa path traversal vulnerability
sspa is a dedicated server for single page applications. A directory traversal vulnerability exists in sspa. An attacker can exploit this vulnerability to gain access to the file system by placing a '... /' sequence in a URL to gain access to the file system...
hekto node module path traversal vulnerability
hekto node module is a module to support single page applications. A path traversal vulnerability exists in the hekto node module, which stems from the program's lack of file path filtering. An attacker can exploit this vulnerability to read the contents of an arbitrary file...
Application Security Testing — The Wallarm Approach
Testing the security of the corporate applications is a part of every-day life for Ops and DevOps professionals. Larger companies have whole teams dedicated to independent security testing, called Red Teams. These folks use various tools at their disposal to discover the flaws in both application...