Surviving the Week 12/7/12, PayPal Fixes Trio of Remote-Access Vulnerabilities

Detecting Successful XSS Testing with JS Overrides with ModSecurity

The following link demonstrates a proof of concept that uses ModSecurity to add defensive JavaScript to response pages; the script identifies when web browsers execute certain code and then sends a beacon alert back to the web server. NTODefend helps you generate rules for the vulnerabilities detected with NTOSpider.
http://blog.spiderlabs.com/2012/11/detecting-successful-xss-testing-with-js-overrides.html

Attacks – in 2012 & 2013

10 Top Government Data Breaches Of 2012
SQL injection, post-phishing privilege escalation, and poorly secured back-up information all played their part in exposing sensitive government data stores this year.
http://www.darkreading.com/database-security/167901020/security/news/240142846/10-top-government-data-breaches-of-2012.html

Here is a list of the expected “Top 5 security threats for 2013”
http://www.net-security.org/secworld.php?id=14033

PayPal Fixes Trio of Remote-Access Vulnerabilities

PayPal has repaired three remote-access vulnerabilities found in different areas of its website, including a cross-site scripting (XSS) flaw on its PayPal Community Forum. All three flaws were submitted to PayPal’s Bug Bounty Program.
https://threatpost.com/en_us/blogs/paypal-fixes-trio-remote-access-vulnerabilities-112912

About Dan Kuykendall 173 Articles