October 2010
Bypass XSS filters using data URIs
by Vaibhav Sonawane
A data URI, defined by RFC 2397, is a smart way of embedding small files inline in HTML documents. Instead of linking to a file stored locally on the server, the file is provided within the URL itself as a base64-encoded string of data preceded by a MIME type. In this article, we will discuss how data URIs can be effectively used to perform Cross-Site Scripting (XSS) attacks. The information in this article is not new. This is our attempt to explore different ways in which data URIs can be used to perform XSS.…
Cookie Attributes and their Importance
by Harshvardhan Parmar, GCIH
Cookies are pieces of information stored on the client side, which are sent to the server with every request made by the client. Cookies are primarily used for authentication and maintaining sessions. Hence, securing a cookie effectively means securing a user’s identity. Cookies can be secured by properly setting cookie attributes. These attributes are:…
Firewall Rulebase Cleanup - A manual approach
by Ajish T John
The KISS (keep it short and simple) concept rarely works for firewalls due to multi-admin-managed environments and the increase of network-dependent applications. Eventually, the firewall rules increase in number, resulting in redundant/shadowed rules, longer troubleshooting time, degraded performance and, very often, hidden threats. Hence, to avoid the above-mentioned disadvantages, a well-maintained rulebase on enterprise firewalls is highly desirable.…
