New Can I Trust Test Case: Browser returns secret from a pre-cached response in a CORS request
A new Can I Trust test case is available.
This time the topic is the following:
If a browser does not receive a Cache-Control header on an authenticated request to an API that responds with secret content, does the browser serve the cached secret content when a foreign website queries the same API again without authenticating? Does this even work cross-domain?
You will find the answer under:
What is CanITrust.in?
Browsers nowadays have a lot of built-in security features that help make the web safer by default. Although this is a great thing, unfortunately, different browsers implement these features slightly differently from one another. And sometimes the implementations also differ from one browser version to the next.
This is where CanITrust.in comes to the rescue. Inspired by the great caniuse.com, we built an environment to test all those different security features. This website makes the results available.
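The header condition that the test case above probes, as an added example (not CanITrust's own tooling): it classifies a response's Cache-Control and Vary headers the way a browser's private cache treats them, so an API that returns secrets can be screened for the "no Cache-Control" case. The header sets are constructed samples.

```python
"""Classify whether a secret-bearing API response could be served out of the
browser's HTTP cache to a later request for the same URL (for example a
cross-origin fetch that carries no credentials). Constructed samples below."""
from typing import Dict, Tuple


def parse_cache_control(value: str) -> Dict[str, str]:
    """Turn 'no-store, max-age=0' into {'no-store': '', 'max-age': '0'}."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        name, _, arg = part.strip().lower().partition("=")
        if name:
            directives[name.strip()] = arg.strip().strip('"')
    return directives


def classify_cacheability(headers: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, reason) for a browser's private cache.

    'not-stored'           Cache-Control: no-store; nothing is kept.
    'keyed-by-credentials' stored, but Vary on Cookie/Authorization means a
                           request lacking those headers cannot hit the entry.
    'revalidate'           stored, but the browser must ask the server before
                           reuse (no-cache or max-age=0), so auth is re-checked.
    'reusable'             served without contacting the server: a secret in
                           the body is available to any request for the URL.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    vary = {v.strip().lower() for v in h.get("vary", "").split(",") if v.strip()}

    if "no-store" in cc:
        return "not-stored", "Cache-Control: no-store"
    if vary & {"cookie", "authorization"}:
        return "keyed-by-credentials", f"Vary: {h['vary']}"
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "revalidate", f"Cache-Control: {h['cache-control']}"
    if "max-age" in cc:
        return "reusable", f"fresh for max-age={cc['max-age']}s"
    if "expires" in h:
        return "reusable", f"fresh until Expires: {h['expires']}"
    return "reusable", "no Cache-Control/Expires: heuristic caching may apply"


# Constructed samples: the response shape the test case asks about (no
# Cache-Control at all, readable cross-origin) and a hardened variant.
WEAK_RESPONSE = {"Content-Type": "application/json",
                 "Access-Control-Allow-Origin": "*"}
HARDENED_RESPONSE = {"Content-Type": "application/json",
                     "Cache-Control": "no-store", "Vary": "Cookie"}
```

Run the classifier over the headers of every authenticated API endpoint; anything other than `not-stored` for a response that carries a secret deserves a second look.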
Tool Tuesday – sqlmap
Is your web application vulnerable to SQL Injection? With sqlmap you can test it.
Attack Afternoon – CSRF Countermeasures #1
CSRF Countermeasures #1: One possibility to prevent CSRF is the usage of an anti-CSRF token.
Attack Afternoon – CSRF
CSRF stands for “Cross-Site Request Forgery” and is a classic among web application attacks. With this attack, it is possible to perform certain actions on behalf of a user without the user noticing. But how exactly does this attack work?
it-sa 2019 – Lean Application Security
At the it-sa 2019 we will present our innovative consulting concept Lean Application Security.
mgm sp @ Dresden
Our second office is located in Dresden, the capital of Saxony. Come have a look at our office there!