-
XSS injection on emails on our latest ethical hack findings
While doing a basic code review for a client’s web portal (bridging customers and service) we came across potential vulnerabilities which could compromise the system and recommended a proper ethical hack to screen the system. Our team managed to find 25 vulnerabilities including several SQL and XSS injections. We also uncovered an exciting Reflected/Stored XSS […]
-
SQL and XSS injection simplified
Technical jargon can be confusing and security related ones even more. The terms “SQL injection” and “XSS injection” seem funny as the image suggests, but understanding it is a key to resolving the issue. To simplify it in a non technical way, imagine you have a robot which reads instructions via a form and performs […]
-
472 risk points reduced for an accounting application
Around 8 months back we conducted a non-intrusive security audit for an accounting backend application which involved us going through their system and making data classification matrix, supplier/processor list, data flow, network diagrams and conducting fact finding in various areas like application security, data security, infrastructure, access management, monitoring/logging, and organisational policy. At the end […]