Cross-Site Scripting (XSS) - Security Intelligence

A programmer writing code on a laptop while jotting notes on a piece of paper: application security risk

article

What’s the Best Strategy to Manage Application Security Risk?

To protect their organizations from threat actors targeting software vulnerabilities, security leaders should adopt an integrated approach to application security risk management.

July 6, 2018 | By Hamsa Srinivasan

article

A person holding a smartphone displaying a warning.

news

94 Percent of Web Applications Suffer From High-Severity Vulnerabilities

A recent report revealed that 94 percent of all web applications suffer from high-severity software vulnerabilities, 85 percent of which are exploitable.

April 19, 2018 | By David Bisson

news

A developer writing code: HTTP response headers

article

An Introduction to HTTP Response Headers for Security

HTTP response headers aim to help protect web applications from cross-site scripting (XSS), man-in-the-middle (MitM) attacks, clickjacking, cross-site request forgery and other threat vectors.

March 23, 2018 | By Madhusudhan Rajappa

article

Stock market application displayed on a mobile phone.

news

Mobile Stock Trading Apps Vulnerable to Attack

Over 20 mobile apps commonly used for stock trading are not very secure, according to recent security research.

September 28, 2017 | By Larry Loeb

news

article

A Primer on Cross-Site Scripting (XSS)

XSS is a prevalent web-based exploit in which threat actors inject malicious code into webpages to compromise data or facilitate phishing scams.

July 10, 2017 | By David Strom

article

A piece of graph paper marked with a failing grade in red ink.

news

Mozilla Still Finds Failures in Website Security, Survey Shows

More than 90 percent of the top 1 million websites have failed to adopt adequate website security controls to protect against XSS, MitM attacks and more.

July 6, 2017 | By Larry Loeb

news

article

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

Web application developers must learn to think like cybercriminals to combat the growing threat of cross-site scripting (XSS) attacks.

March 13, 2017 | By Paul Ionescu

article

Google recently announced a duo of new tools, CSP Evaluator and CSP Mitigator, designed to provide developers with a way to visualize and test their content security policy. This should allow developers to build XXS-inhospitable application environments.

news

Extermination Effort: New Content Security Policy Tools Target XSS Cockroach

Google recently introduced new tools for developers to help them create a better web content security policy. Specifically, the initiatives should target cross-site scripting (XSS) vulnerabilities, which Threatpost said are the “cockroach of...

September 29, 2016 | By Douglas Bonderud

news

When it comes to issuing a vulnerability report, security researchers find themselves in a pickle: If they disclose the issue too early, they risk spreading awareness among cybercriminals. If they're too late, attackers will have already exploited it.

news

Portable Problems? New Vulnerability Report Sparks Hacker Hunt

A vulnerability report is designed to alert vendors of potential security issues, but it can also help cybercriminals identify weak spots to attack.

September 13, 2016 | By Douglas Bonderud

news

Cross-site scripting vulnerabilities are, unfortunately, quite common in public-facing applications and websites. Organizations should make an effort to prevent these issues by investing in application security testing methods and tools.

article

How to Protect Your Website From XSS Vulnerabilities With IBM Application Security

Application security practices and tools can help ensure that embarrassing and costly vulnerabilities are shut out of your website or app.

June 1, 2016 | By Erwin Friethoff

article

Fake Android Apps Steal Cryptocurrency Credentials With 2FA Bypass Technique

TCP SACK Panic Flaw Could Compromise Production Linux Machines

Free Decryption Tool Enables Victims of GandCrab Ransomware to Recover Their Files

Outlaw Threat Group Using Botnet to Distribute Monero Miner, Perl-Based Backdoor

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

IoMT Security: A Comprehensive Approach to Mitigate Risk and Secure Connected Devices

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control

One Big Lesson From the Cyber Range to Help Solve Confirmation Bias

Observations of ITG07 Cyber Operations

Getting Quantum Ready and What This Means for Cryptography

Podcast: Reducing Third-Party Risk

Podcast: Development Agility and Open-Source Vulnerability Prioritization

Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats

Podcast: Travel Security: Why Data Safety Doesn’t Get a Day Off

Webinar: How to Outmatch Data Security Challenges with Cost-Effective, Practical Strategies

Webinar: Total Recon: See You Online, Richter

Digital Identity Trust at Cyber Week 2019 – Tel Aviv, Israel

Webinar: IBM i2 User Group Webinar: Advance Your Existing i2 Capabilities

Tag: Cross-Site Scripting (XSS)

What’s the Best Strategy to Manage Application Security Risk?

94 Percent of Web Applications Suffer From High-Severity Vulnerabilities

An Introduction to HTTP Response Headers for Security

Mobile Stock Trading Apps Vulnerable to Attack

A Primer on Cross-Site Scripting (XSS)

Mozilla Still Finds Failures in Website Security, Survey Shows

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

Extermination Effort: New Content Security Policy Tools Target XSS Cockroach

Portable Problems? New Vulnerability Report Sparks Hacker Hunt

How to Protect Your Website From XSS Vulnerabilities With IBM Application Security