January 9, 2014 - 22:36 EST
After working on retire.js
I decided to take it for a real test run. I setup a node script with phantomjs and scanned the landing page of 150,000 Norwegian domains. These are the results. You will find that a lot of sites are using really old versions of libraries with known vulnerabilities (red means the library has known vulnerabilities). I think this supports the idea that most sites have the jQuery version that was available when the site was first made. Oh, and using a vulnerable library does not necessarily mean the site is vulnerable, but it might be.
October 9, 2012 - 23:25 EDT
The last item on the OWASP Top 10 is A10 - Unvalidated Redirects and Forwards.
September 24, 2012 - 20:33 EDT
The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser to server and server to server issue.
August 20, 2012 - 21:14 EDT
August 2, 2012 - 18:58 EDT
June 20, 2012 - 21:32 EDT
How do A4 - Insecure Direct Object References
June 15, 2012 - 17:28 EDT
May 26, 2012 - 23:53 EDT
The OWASP Top 10 is a risk focused list of the top 10 most critical web application security risk.
December 27, 2011 - 15:41 EST
"So now that you've seen how contexts are important when mitigating XSS, I'll give you a new example", David said. "Take a look at the following example from a social networking web site".
April 22, 2009 - 17:28 EDT