Cyentia Cybersecurity Research Library

Cross-Site Scripting

Below you will find reports with the tag of “Cross-Site Scripting”


2024 Open Source Security and Risk Analysis Report

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

Added: March 5, 2024

Hacker Powered Security Report 2023

The 7th annual Hacker-Powered Security Report goes deeper than ever before with customer insights, in addition to the opinions of some of the world’s top hackers. We also take a more comprehensive look at the top ten vulnerabilities and how various industries are performing when it comes to incentivizing hackers to find the vulnerabilities that are most important to them.

Added: December 15, 2023

Prioritization to Prediction, Vol. 9

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

Added: August 7, 2023

The Invicti AppSec Indicator 2023

In our bi-annual AppSec Indicator report, we uncover insights and trends to guide best practices in vulnerability identification and remediation. For this year’s Spring edition of the Invicti AppSec Indicator, we analyzed data from 1.7 million scans conducted by the 1,700 customers that use our cloud dynamic application security testing (DAST) offering, representing approximately half of our entire customer base.

Added: May 11, 2023

2020 Open Source Security and Risk Analysis Report

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

Added: July 31, 2020

State of Open Source Security Report 2020

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

Added: June 25, 2020

The 2019 Hacker Report

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms.

Added: June 23, 2020

Beginner's Guide to Brute Force & DDoS Attacks

This report offers advice for what to do when the barbarians are at your door…

Added: February 27, 2019

"Anonymous Slovakia" Targets NATO and EU Sites

From the report, “On November 26th, Slovakian Anonymous leader ‘Abaddon’ posted in the deep web message board ‘Hidden Answers’, looking to recruit accomplices for an operation targeting NATO and EU websites. The proposed attacks would potentially arrive by means of XSS (cross-site scripting), SQL injection, or a combination of both. And by DDoS (distributed denial of service), a type of attack that is intended to make an online resource unavailable to its legitimate users by overwhelming it with traffic. It is not yet clear what the motives for the operation are, or what the official name will be.”

Added: January 31, 2019

State of the Internet - Security Q4 2016 report

Contributors to this paper include security professionals from the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.

Added: October 25, 2018

A Step Further - Demystifying XSS

This report provides helpful information on XSS.

Added: October 23, 2018

Threat Advisory: Ticketac Mobile Apps

This is a threat advisory for Ticketac Mobile Apps.

Added: October 22, 2018

Combating Web Scraping In Online Businesses

This report takes a look at the harmful practice of web scraping.

Added: October 20, 2018

March 2018 AppSec Intelligence Report

This monthly report details Application Security observations from March 2018.

Added: October 20, 2018

CISO Tips: Speaking the language of business

What’s not open to discussion is that the role of information security executives has evolved. CISOs may now find themselves talking to investors about how an attack impacted quarterly earnings in addition to more traditional duties like managing a SOC.

Added: October 17, 2018

Past And Present Of Underground Network Industry

This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures.

Added: October 17, 2018

CakePHP Security Assessment

This report is based on a study done in 2017 to analyze security issues in CakePHP.

Added: October 14, 2018

2018 State Of Bug Bounty Report

This annual report takes a look at the bug bounty industry in 2018.

Added: October 12, 2018

Hacking Is Not Random: A Case Control Study of Webserver Compromise Risk

This paper investigates many observable characteristics of web-servers that may affect the likelihood of compromise.

Added: October 12, 2018
© Cyentia Institute 2025
Library updated: June 21, 2025 12:08 UTC (build b1d7be4)