Cash Overflow Attack
A Cash Overflow attack is a Denial of Service attack specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting the service owner or...
Certificate and Public Key Pinning is a technical guide to implementing certificate and public key pinning as discussed at the Virginia chapter’s presentation Securing Wireless Channels in the Mobile...
In many systems, a User’s email address is used for identity. The process below is the recommended method to implement in a system to handle the...
If you are curious, please have a look at this study by Microsoft Research in 2009 and this study performed at Google in 2015. The accompanying Security blog update includes an infographic...
CI/CD pipelines and processes facilitate efficient, repeatable software builds and deployments; as such, they occupy an important role in the modern SDLC. However, given their importance...
Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a...
Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits...
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks...
Comments injected into an application through input can be used to compromise a system. As data is parsed, an injected/malformed comment may cause the process to...
Modern software is assembled using third-party and open source components, glued together in complex and unique ways, and integrated with original code to provide the desired...
This cheat sheet is intended to provide guidance for developers on how to defend against Clickjacking, also known as UI redress attacks. There are three main mechanisms...
Content spoofing, also referred to as content injection, “arbitrary text injection” or virtual defacement, is an attack targeting a user made possible by an injection vulnerability...