- Web Security Researching Malicious Websites: A Few Tips
Malicious sites evade researchers by checking User-Agent and Referer headers, computing redirects via JavaScript, using nonces, and denylisting IPs. Bypass these defenses by faking browser headers,...
- Tools Mitigating Attacks on the Web Browser and Add-Ons
Drive-by exploits target vulnerabilities in browsers and add-ons like Java, Adobe Reader, and Flash. Defense involves sandboxing (Chrome, IE, Adobe Reader X), tightening settings via Group Policy,...
- Web Security Mitigating Attacks on Web Applications Through the Browser
Attackers use browsers as gateways to attack web applications via XSS (executing malicious JavaScript in app context), CSRF (tricking browsers into submitting crafted requests), clickjacking...
- Web Security Three Web Attack Vectors Using the Browser
Three browser attack vectors cause most web-based attacks: social engineering (phishing, fake software installs), attacking web applications through the browser (XSS, CSRF, clickjacking), and...
- Web Security Cross-Side Scripting Demystified
- Web Security NoScript Strengthens Security Even If You Allow Scripting
NoScript's script-blocking requires users to allowlist every site—many automatically click "allow" or uninstall it. If script allowlisting isn't for you, enable scripts globally but keep NoScript's...