Articles tagged with DMITRY KULSHITSKY

OWASP Top 10 and your Recruitment Website - Part 2
4:37pm Thursday 09 December 2010
Tags: recruitment security recruitment websites owasp job boards dmitry kulshitsky security hacking insecure direct object references xss sql injections cross-site request forgery csrf

In part 1 of this series we started a conversation about the OWASP Top 10 most prevalent security vulnerabilities and how relevant these issues were to a typical recruitment web site. In the 2nd part we will review the next 2 items from this list.


OWASP Top 10 and your Recruitment Website - Part 1
8:30am Monday 09 August 2010
Tags: dmitry kulshitsky security recruitment website job board owasp sql injection xss cross-site scripting broken authentication session management login form design hacking website security user authentication

OWASP has recently updated their list of the top 10 most prevalent security vulnerabilities. Since this list covers all major aspects of computer security, it is interesting to check which issues are relevant to a typical recruitment website or job board and (exercising the 80/20 rule) which key questions we should ask ourselves (or our IT/security staff) to be sure that we don't miss anything critical.


How secure is your Recruitment website? Part 5 - Cross-site scripting (XSS)
8:00am Tuesday 30 March 2010
Tags: cross site scripting xss insecure recruitment websites job board security how secure is your recruitment website defacement dmitry kulshitsky untrusted data

According to OWASP, cross-site scripting (XSS) flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.