- Open-source Packages with Malicious Intent
Why re-invent the wheel? This famous saying is what I think of when considering third-party code. Package managers such as npm, RubyGems, and Maven make it so easy to share code between people that developers pull in packages for tasks as small as checking whether a number is positive. This is absolutely great, but how many of us stop to think about what exactly is going on behind-the-… READ MORE
- Handlebars.js Vulnerability Impact Study
- Cut-and-paste component vulnerabilities - A short study of how a handlebars.js vulnerability has spread
Today, we are going to explore a cross-site scripting vulnerability in the popular handlebars library. The handlebars library provides a logic-less templating language that lets you separate the view from the rest of your code. This library is based on the popular mustache templating language, modified by Yehuda Katz, also known as wycats on GitHub. Over 9,000 people have starred… READ MORE
- Google authentication and passportjs - A wild goose chase
As you may remember from my introduction post, one of the projects that I'm working on at the moment is SRC:CLR's intranet, dubbed iono. I haven't built iono from scratch; the base code was hacked out by my fellow engineers in a weekend flat, so as you can imagine there are a few issues I am finding while trying to pick up where they left off. One of the first things that I was tasked to do with iono… READ MORE