Below you will find reports with the tag of “Cross-site scripting” 2020 Open Source Security and Risk Analysis Report The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available) Added: July 31, 2020 State of Open Source Security Report 2020 The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available) Added: June 25, 2020 The 2019 Hacker Report The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available) Added: June 23, 2020 2019 Year in Review: ICS Vulnerabilities The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. (more available) Added: March 1, 2020 Beginner's Guide to Brute Force & DDoS Attacks This report offers advice for what to do when the barbarians are at your door… Added: February 27, 2019 "Anonymous Slovakia" Targets NATO and EU Sites From the report, “On November 26th, Slovakian Anonymous leader ‘Abaddon’ posted in the deep web message board ‘Hidden Answers’, looking to recruit accomplices for an operation targeting NATO and EU websites. (more available) Added: January 31, 2019 State of the Internet - Security Q4 2016 report Contributors to this paper include security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group. (more available) Added: October 25, 2018 A Step Further - Demystifying XSS This report provides helpful information on XSS. Added: October 23, 2018 Threat Advisory: Ticketac Mobile Apps This is a threat advisory for Ticketac Mobile Apps Added: October 22, 2018 Combating Web Scraping In Online Businesses This report takes a look at the harmful practice of web scraping. Added: October 20, 2018 March 2018 AppSec Intelligence Report This monthly report details Application Security obvservations from March 2018. Added: October 20, 2018 CISO Tips: Speaking the language of business What’s not open to discussion is that the role of information security executives has evolved. CISOs may now find themselves talking to investors about how an attack impacted quarterly earnings in addition to more traditional duties like managing a SOC. (more available) Added: October 17, 2018 Past And Present Of Underground Network Industry This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures. Added: October 17, 2018 CakePHP Security Assessment This report is based on a study done in 2017 to analyze security issues in CakePHP. Added: October 14, 2018 2018 State Of Bug Bounty Report This annual report takes a look at the bug bounty industry in 2018. Added: October 12, 2018 Hacking Is Not Random:A Case Control Study of Webserver Compromise Risk This paper investigates many observable characteristics of web-servers that may affect the likelihood of compromise. Added: October 12, 2018
2020 Open Source Security and Risk Analysis Report The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available) Added: July 31, 2020
State of Open Source Security Report 2020 The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available) Added: June 25, 2020
The 2019 Hacker Report The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available) Added: June 23, 2020
2019 Year in Review: ICS Vulnerabilities The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. (more available) Added: March 1, 2020
Beginner's Guide to Brute Force & DDoS Attacks This report offers advice for what to do when the barbarians are at your door… Added: February 27, 2019
"Anonymous Slovakia" Targets NATO and EU Sites From the report, “On November 26th, Slovakian Anonymous leader ‘Abaddon’ posted in the deep web message board ‘Hidden Answers’, looking to recruit accomplices for an operation targeting NATO and EU websites. (more available) Added: January 31, 2019
State of the Internet - Security Q4 2016 report Contributors to this paper include security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group. (more available) Added: October 25, 2018
A Step Further - Demystifying XSS This report provides helpful information on XSS. Added: October 23, 2018
Threat Advisory: Ticketac Mobile Apps This is a threat advisory for Ticketac Mobile Apps Added: October 22, 2018
Combating Web Scraping In Online Businesses This report takes a look at the harmful practice of web scraping. Added: October 20, 2018
March 2018 AppSec Intelligence Report This monthly report details Application Security obvservations from March 2018. Added: October 20, 2018
CISO Tips: Speaking the language of business What’s not open to discussion is that the role of information security executives has evolved. CISOs may now find themselves talking to investors about how an attack impacted quarterly earnings in addition to more traditional duties like managing a SOC. (more available) Added: October 17, 2018
Past And Present Of Underground Network Industry This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures. Added: October 17, 2018
CakePHP Security Assessment This report is based on a study done in 2017 to analyze security issues in CakePHP. Added: October 14, 2018
2018 State Of Bug Bounty Report This annual report takes a look at the bug bounty industry in 2018. Added: October 12, 2018
Hacking Is Not Random:A Case Control Study of Webserver Compromise Risk This paper investigates many observable characteristics of web-servers that may affect the likelihood of compromise. Added: October 12, 2018
