Explore >> Select a destination
|
You are here 
|
www.smashingmagazine.com | ||
| | | | |
www.redotheweb.com
|
|
| | | | | As we're reinventing web applications with SPAs and frontend frameworks, we need to reinvent web application security, too. | |
| | | | |
mathieu.fenniak.net
|
|
| | | | | Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: | |
| | | | |
statuscode.ch
|
|
| | | | | We're constantly working on adding more security features and hardenings to Nextcloud, after all it's your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new... | |
| | | | |
www.thezdi.com
|
|
| | | [AI summary] This blog post discusses two critical vulnerabilities in the Logsign Unified SecOps Platform, CVE-2024-5716 (authentication bypass) and CVE-2024-5717 (command injection), which can be combined for remote, unauthenticated code execution. | ||
