A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...

DOM-based attacks are a misunderstood, serious, and pervasive source of risk in contemporary web applications. The language that drives the web, JavaScript, is easy to understand and hard to master; ...

In cyber security, attention is concentrated on the new -- zero-day exploits, for example, are big news and big business. But old threats can still cause big problems for organizations, even when the ...

In today’s digital landscape, web applications are integral to our daily lives, enabling seamless interactions and transactions. However, this increased connectivity also opens the door to potential ...

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says. Tyler Reguly, lead security research ...

Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. Certain types of online ads that expand, contract and pop-open aren’t just ...

Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user’s websites. Update Cloud-based web host Wix.com is vulnerable to a DOM-based ...

In 2005, a MySpace user named Samy discovered a unique way to expand his buddy list. Within 24 hours, the number of friends on his page grew from 73 to more than 1 million. He achieved this instant ...

Cross-site scripting is a web application vulnerability which allows attackers to execute arbitrary code client-side in a victim's browser, which can lead to browser session hijacking or the theft of ...