It’s been a crazy month, so much going on! I had the pleasure of presenting my updated “Cracking into embedded devices” presentation at Hack.lu (Luxembourg) and Hack in the Box (Malaysia). I also had to give a talk on PCI DSS in London, which was a challenge as PCI DSS is not the most fun topic for me, trust me!
The best thing about attending these kinds of events is the technical discussions and exchange of ideas, not just with other presenters but also with attendees. [...]
So we all know about cross-domain vulnerabilities that allow attackers to run code within the security context of the target domain. Typically, they are either an XSS bug in the server-side application or a bug in the client (a web browser plugin or the web browser itself). Most of the time, these vulnerabilities require some type of interaction from the victim user, e.g. being tricked into clicking on a link or visiting a malicious page.
Now, most techies are familiar with bookmarklets. [...]


