Cross-Site Scripting (XSS) - Security Intelligence

A programmer writing code on a laptop while jotting notes on a piece of paper: application security risk

article

What’s the Best Strategy to Manage Application Security Risk?

To protect their organizations from threat actors targeting software vulnerabilities, security leaders should adopt an integrated approach to application security risk management.

July 6, 2018 | By Hamsa Srinivasan

article

A person holding a smartphone displaying a warning.

news

94 Percent of Web Applications Suffer From High-Severity Vulnerabilities

A recent report revealed that 94 percent of all web applications suffer from high-severity software vulnerabilities, 85 percent of which are exploitable.

April 19, 2018 | By David Bisson

news

A developer writing code: HTTP response headers

article

An Introduction to HTTP Response Headers for Security

HTTP response headers aim to help protect web applications from cross-site scripting (XSS), man-in-the-middle (MitM) attacks, clickjacking, cross-site request forgery and other threat vectors.

March 23, 2018 | By Madhusudhan Rajappa

article

Stock market application displayed on a mobile phone.

news

Mobile Stock Trading Apps Vulnerable to Attack

Over 20 mobile apps commonly used for stock trading are not very secure, according to recent security research.

September 28, 2017 | By Larry Loeb

news

article

A Primer on Cross-Site Scripting (XSS)

XSS is a prevalent web-based exploit in which threat actors inject malicious code into webpages to compromise data or facilitate phishing scams.

July 10, 2017 | By David Strom

article

A piece of graph paper marked with a failing grade in red ink.

news

Mozilla Still Finds Failures in Website Security, Survey Shows

More than 90 percent of the top 1 million websites have failed to adopt adequate website security controls to protect against XSS, MitM attacks and more.

July 6, 2017 | By Larry Loeb

news

article

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

Web application developers must learn to think like cybercriminals to combat the growing threat of cross-site scripting (XSS) attacks.

March 13, 2017 | By Paul Ionescu

article

Google recently announced a duo of new tools, CSP Evaluator and CSP Mitigator, designed to provide developers with a way to visualize and test their content security policy. This should allow developers to build XXS-inhospitable application environments.

news

Extermination Effort: New Content Security Policy Tools Target XSS Cockroach

Google recently introduced new tools for developers to help them create a better web content security policy. Specifically, the initiatives should target cross-site scripting (XSS) vulnerabilities, which Threatpost said are the “cockroach of...

September 29, 2016 | By Douglas Bonderud

news

When it comes to issuing a vulnerability report, security researchers find themselves in a pickle: If they disclose the issue too early, they risk spreading awareness among cybercriminals. If they're too late, attackers will have already exploited it.

news

Portable Problems? New Vulnerability Report Sparks Hacker Hunt

A vulnerability report is designed to alert vendors of potential security issues, but it can also help cybercriminals identify weak spots to attack.

September 13, 2016 | By Douglas Bonderud

news

Cross-site scripting vulnerabilities are, unfortunately, quite common in public-facing applications and websites. Organizations should make an effort to prevent these issues by investing in application security testing methods and tools.

article

How to Protect Your Website From XSS Vulnerabilities With IBM Application Security

Application security practices and tools can help ensure that embarrassing and costly vulnerabilities are shut out of your website or app.

June 1, 2016 | By Erwin Friethoff

article

Attackers Compromise Admin Account to Infect Manufacturing Company With BitPaymer Ransomware

Spear Phishing Report Card: Perfect Scores in School Security Pen Testing

Google 2FA Approach Turns Android Smartphones Into Security Keys

April Scams May Ruin Plans: Threat Actors Ramp Up for Tax Scam Season

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

How a Cunning Remote Overlay Malware Met Its Match

The US Is Slow to Adopt EHRs, But That Might Actually Be a Good Thing for Healthcare Security

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

Credential Dumping Campaign Hits Multinational Corporations

Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

Podcast: Muscle Memory and Cyber Fitness Training

Podcast: Zero Trust and the Evolving Role of Identity and Access Management

Podcast: Digital Identity Trust, Part 3 — Powering Digital Growth With Digital Identity Trust

Podcast: Monitoring National Cybersecurity Trends With Former NSA Deputy Director Bill Crowell

Webinar: MacOS Management Made Easy with MaaS360

Webinar: Encryption is the Fastest Way to Protect Data

Webinar: Under the Radar: Live Webinar and Demo

Webinar: Facilitating Secure Hybrid Cloud Adoption with Guardium

Tag: Cross-Site Scripting (XSS)

What’s the Best Strategy to Manage Application Security Risk?

94 Percent of Web Applications Suffer From High-Severity Vulnerabilities

An Introduction to HTTP Response Headers for Security

Mobile Stock Trading Apps Vulnerable to Attack

A Primer on Cross-Site Scripting (XSS)

Mozilla Still Finds Failures in Website Security, Survey Shows

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

Extermination Effort: New Content Security Policy Tools Target XSS Cockroach

Portable Problems? New Vulnerability Report Sparks Hacker Hunt

How to Protect Your Website From XSS Vulnerabilities With IBM Application Security