Updates
Bright Product Update – August 2021
This blog post announces the August 2021 Update for Bright.We added some new features and product enhancements that will make your experience even better. New
September 16, 2021
AppSec Blog
Application Security news, research, vulnerabilities, DevSecOps, CI/CD tooling, hacking and more
Vulnerabilities
SQL Injection in WordPress websites and how to prevent them
What is SQL Injection in WordPress? One of the most popular open-source Content Management Systems (CMS) is WordPress. WordPress runs millions of websites with an
September 9, 2021
Vulnerabilities
Cross-site scripting in PHP Web Applications
What is Cross-Site Scripting? Cross-Site Scripting (XSS) attacks are a form of injection attack, where malicious scripts are injected into trusted web applications. XSS is
September 9, 2021
Vulnerabilities
Directory Traversal: Examples, Testing, and Prevention
What Is Directory Traversal? Directory traversal, or path traversal, is an HTTP exploit. It exploits a security misconfiguration on a web server, to access data
August 23, 2021
Vulnerabilities
HTTP Request Smuggling: Complete Guide to Attack Types and Prevention
What Is HTTP Request Smuggling? The term HTTP request smuggling (HRS) refers to techniques that interfere with the way in which a website processes sequences
August 23, 2021
AppSec Testing
What is a Security Champion and Why You Need One
While a security culture for a successful DevOps and AppSec programme is important, to succeed, security needs to be top of mind for everyone across
August 16, 2021
Updates
Bright Product Update – July 2021
This blog post announces the July 2021 Update for Bright.We added some new features and product enhancements that will make your experience even better. New
August 2, 2021
Vulnerabilities
Open Redirect Vulnerability: Impact, Severity, and Prevention
What is an Open Redirect Vulnerability? An Open Redirect Vulnerability entails an attacker manipulating the user and redirecting them from one site to another site
July 30, 2021
AppSec Testing
WebSocket Security: Top 8 Vulnerabilities and How to Solve Them
What is a WebSocket? WebSockets are becoming increasingly popular, because they greatly simplify the communication between a client and a server. The WebSocket protocol uses
July 30, 2021
AppSec Testing
SolarWinds Vulnerability: How to Protect Your Organization
The SolarWinds attack was one of the largest nation-state supply chain attacks we have seen to date. The attack originated from SolarWinds’ Orion network management
July 14, 2021
AppSec Testing
SQL Injection in PHP Web Applications
What is PHP SQL Injection? When an attacker exploits a PHP application via an SQL Injection, they can gain access to the application’s database and
July 13, 2021
Vulnerabilities
LFI Attack: Real Life Attacks and Attack Examples
What is an LFI Attack? Local File Inclusion attacks are used by attackers to trick a web application into running or exposing files on a
July 9, 2021
Updates
Bright Product Update – June 2021
This blog post announces the June 2021 Update for Bright.We added some new features and product enhancements that will make your experience even better. New
July 9, 2021
AppSec Testing
Dynamic Application Security Testing (DAST): Ultimate Guide [2022]
What is Dynamic Application Security Testing (DAST)? Dynamic Application Security Testing (DAST) is an Application Security Testing methodology in which the application is tested in
July 7, 2021
Vulnerabilities
XXE Prevention: XML External Entity (XXE) Attacks and How to Avoid Them
XML External Entity Injection (XXE) is one of the most common vulnerabilities. At its core, it’s a web security vulnerability where attackers target and compromise
July 1, 2021
© 2022 Bright Security Inc. All Rights Reserved