How a Simple Test Brought Down a Server You sanitized your input fields for XSS? You might have opened a new door for attackers… Imagine this: You’re a developer at your company. After a penetration test, several issues were found in your app, some input fields have no limits on length or content. This leaves […]
Sandwich Attacks: From Reset Password to Account Takeover
Once Upon a Password Reset… You’ve just forgotten your password for a website. No big deal, you click “Forgot Password,” they send you a link, and you reset it. At the time the feature was designed, it was decided that this reset link would include a UUID token. The reasoning seemed sound—since UUIDs are unique, […]