Posts by Vanessa Henderson
  • Open-source Packages with Malicious Intent

    Why reinvent the wheel? This famous saying is what I think of when I consider third-party code. Package managers such as npm, RubyGems, and Maven make it so easy to share code between people that developers use them for tasks as small as checking whether a number is positive. This is absolutely great, but how many of us stop to think about what exactly is going on behind-the-…


  • Handlebars.js Vulnerability Impact Study

    A few weeks ago, I described a cross-site scripting vulnerability in the popular handlebars.js library in my blog post here. A number of other JavaScript libraries and applications were also affected because of copy-and-pasted code and a tendency for developers to include and distribute the JavaScript source files directly in their projects. After following our responsible disclosure policy and…

  • Cut-and-paste component vulnerabilities - A short study of how a handlebars.js vulnerability has spread

    Today, we are going to explore a cross-site scripting vulnerability in the popular handlebars library. The handlebars library provides a logicless templating language that lets you separate the view from the rest of your code. This library is based on the popular mustache templating language, modified by Yehuda Katz, also known as wycats on GitHub. Over 9,000 people have starred…

  • Google authentication and passportjs - A wild goose chase

    As you may remember from my introduction post, one of the projects I'm working on at the moment is SRC:CLR's intranet, dubbed iono. I haven't built iono from scratch; the base code was hacked out by my fellow engineers in a single weekend, so, as you can imagine, I am finding a few issues while trying to pick up where they left off. One of the first things I was tasked to do with iono…
