Troy Hunt

NOVEMBER 14, 2017

I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website. Using Nonces.

Analytics 87

Analytics Libraries IT Risk 87

ForAllSecure

SEPTEMBER 21, 2021

Some of those who bought the spyware were allegedly able to see live locations of the devices, view the targets emails, photos, web browsing history, text messages, video calls, etc. Black Mirror brainstorms, a workshop in which you create Black Mirror episodes. And it's not just Microsoft.

Passwords 52

Passwords Access IoT IT 52

Troy Hunt

FEBRUARY 11, 2018

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. You can safely use an integrity attribute on your script tag because if ever we want to change the implementation, we'll simply rev the version. from its current state.

Libraries 97

Libraries Risk Government IT 97