News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Cross Site Scripting (Persistent) - Prime

Cross-Site Scripting (XSS) is a common web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Persistent XSS specifically refers to vulnerabilities where the malicious code persists beyond a single request.

Vulnerabilities

LDAP Injection

LDAP (Lightweight Directory Access Protocol) is a widely used protocol for accessing and maintaining directory information services. LDAP Injection is a type of security vulnerability that occurs when an attacker can manipulate user inputs to construct malicious LDAP queries. These queries can lead to unauthorized access, data leakage, and even complete compromise of the application and its underlying infrastructure.

Vulnerabilities

Cross Site Scripting (Persistent)

Cross Site Scripting (Persistent) occurs when user-supplied input is not properly validated or sanitized, allowing malicious code to be stored persistently on the server and later displayed to other users. This malicious code can be executed by unsuspecting users, leading to various attacks, such as session hijacking, data theft, or defacement.

Vulnerabilities

Session Fixation

Session fixation is a vulnerability that occurs when an attacker forces a user's session identifier to a known value. This vulnerability can lead to unauthorized access and session hijacking, compromising the security of a web application.

Vulnerabilities

Cross Site Scripting (Reflected)

Cross-Site Scripting (XSS) is a common web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. Reflected XSS occurs when user-supplied data is not properly validated or sanitized, leading to the execution of malicious code in the user's browser.

Vulnerabilities

Server Side Include

The Server Side Include vulnerability is a security weakness that allows an attacker to inject malicious code into a web application through improperly configured or unprotected server-side includes (SSI). This vulnerability can lead to unauthorized access, data leakage, and remote code execution.

Vulnerabilities