Session management is tricky. Caching user credentials is obviously unsafe, so modern websites employ a variety of techniques, most often assigning each active session a unique identifier called a token. This basic strategy alone is not enough; additional checks are needed to maximize safety.
This website is no longer maintained. The continuation of Red Team at Wootton for the 2018-2019 school year is Cybersecurity Club.
Server Programming
Code Analysis Project
Find OR fix a vulnerability in the Let’s Talk! server. Be ready to present your findings on April 3rd (after Spring Break).
Cross-site Request Forgery
Week 20
XSS is a popular and well-known vulnerability. CSRF is less common but just as dangerous, particularly because of the lack of awareness.
Session Hijacking
Week 19 - data theft over the Internet
Previously, we demonstrated how to use ARP poisoning attacks to compromise unencrypted communication on local area networks (LANs). The attacks described below are effective over HTTPS traffic from external networks.
JavaScript Payloads
Week 18
You’ve discovered an XSS vulnerability on a page. What next?