As a security researcher, I regularly come across software vulnerabilities. Some can have a deep and lasting effect on the way customers and clients view the security of the organization and some can ...

I first became aware of cross-site scripting (XSS) nearly a decade ago. At the time, despite being an all too prevalent bug in Web applications, the risk posed by the flaw was of limited value. It was ...

Cross-site scripting (XSS)/SQL injection attacks have been blamed for numerous data breaches, perhaps most notably the nightmare of the Heartland Payment Systems data breach. This type of attack has ...

Google today released to open source security scanning tool called Firing Range, which is designed to test for cross-site scripting (XSS) and other vulnerabilities on a massive scale. UPDATE: A ...

Cross-site scripting (XSS) was, is and probably will be the most popular web application vulnerability to exploit—so it’s good news that Google has developed an internal web application security ...

Cross-site scripting (XSS) is a form of exploit where an attacker somehow places malicious JavaScript into a webpage. It can potentially allow the attacker to gain access to your account, steal ...

Google has openly stated that it takes web security very seriously, but the company might be playing around a bit by releasing a browser-based challenge created to test developers’ understanding of ...

[ UPDATE: Microsoft plans to ship an XSS filter update in June 2010to fix what is hopefully the last attack scenario ] The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 ...

Microsoft has introduced the SmartScreen feature, which has, over time, delivered over a billion blocks to potentially dangerous downloads. To help better protect consumers from malware, Microsoft has ...

Google has openly stated that it takes web security very seriously, but the company might be playing around a bit by releasing a browser-based challenge created to test developers’ understanding of ...