Rapid7 released four notifications on Wednesday, addressing six vulnerabilities in Network Management Systems offered by Opsview, Spiceworks, Ipswitch, and Castle Rock. Network Management Systems, commonly used to track networked assets using protocols like SNMP (Simple Network Management Protocol), are an easy way to catalogue basic details about connected systems; admins use them to get hostnames, […]
Since Monday, security pros can add another XSS-finding tool to their arsenal, as Netflix has open sourced their cross-site scripting payload management framework dubbed “Sleepy Puppy.” Sleepy Puppy is meant to address the biggest problem with identifying omnipresent XSS issues: finding them not only on targeted applications, but also on others that are not available […]
First, a quick review of Cross Site Scripting. Imagine that I want to get your website to serve up malicious content for me. Say, perhaps, that I want to alter your “Pay Now” page so that the customer sees a credit card payment form that comes from you, looks legitimate, seems secure… …but sends the […]
Latest Comments