
Identifying Client-Side JavaScript Security Vulnerabilities in SAPUI5 Applications Using SAST
1. JavaScript Client-Side Frameworks
These days you can find various popular JavaScript frameworks for creating interactive, eye-catching, and responsive frontends and user interfaces for your applications. Some of the most popular JavaScript frontend frameworks include Angular, React, and Vue.js. The security controls implemented in these frameworks can vary significantly from one framework to another. As frameworks mature, …

Tainted Data and Format String Attack Strike Again
A code execution vulnerability (we also call this a code injection vulnerability) was recently discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes; specifically, it affects certain versions of PAN-OS, the software running on these products. The vulnerability was discovered by security researchers Orange Tsai and Meh Chang and documented on their blog. …