In-depth coverage of application security principles, from secure software development lifecycles to penetration testing and code review methodologies. Learn how to identify vulnerabilities in applications and implement controls that protect data throughout the development pipeline.
posts
In March 2021, security researchers discovered that Accellion's file transfer appliance had been exploited through — you guessed it — an SQL injection vulnerability. The Clop ransomware gang leveraged the flaw to steal data from dozens of organizations, including Shell, Bombardier, and multiple U.S. universities. This wasn't
The Attack That Hides in Plain Sight on Your Website In 2018, British Airways disclosed a breach that compromised the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting attack that skimmed
In 2023, the MOVEit Transfer vulnerability — a SQL injection flaw — led to the compromise of over 2,600 organizations and exposed data on more than 77 million individuals. One vulnerability. One injection point. Billions in damage. And here's what should keep you up at night: SQL injection has
In 2018, British Airways disclosed a breach that exposed the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting exploit. The UK's Information Commissioner's Office initially proposed a
The MOVEit Breach Started With One Overlooked Web Flaw In 2023, a single SQL injection vulnerability in the MOVEit Transfer web application led to one of the largest mass exploitation events in history. Over 2,600 organizations were compromised. Sensitive data from government agencies, banks, and healthcare providers was exfiltrated
