A Note on Vendor Application Security

No need for tinfoil hats when it comes to application security; we’re all too painfully aware of what can happen. From data breaches to destructive attacks, the potential impacts couldn’t be clearer. Web applications in particular are interesting because of their exposed position — it’s not uncommon for sensitive web applications to be secured […]

OWASP Top 10 2013 – A10 – Unvalidated Redirects and Forwards

> How did I end up here? Whenever a user is sent to some unexpected (and perhaps malicious) third-party site, an Unvalidated Redirection is said to have occurred. It is also known by quite a few other names: unvalidated redirect, open redirection, unvalidated forward, and so on.

F-Secure Radar Login Page Unvalidated Redirect Vulnerability

CVE-2018-6324 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6324

Summary: Upon a successful login, the application redirects the user to a user-controlled destination. A victim user may not recognise that a redirection takes place, as they expect to be sent to a new page.

Vendor Description: F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify […]

F-Secure Radar Persistent Cross-Site Scripting Vulnerability

CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189

Summary: The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user.

Vendor Description: F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify and manage both internal and external threats, report risks, and be compliant with […]