Most endeavors people undertake are subject to the 80/20 principle, sometimes referred to as “the vital few and the trivial many”. Web application security is arguably subject to it as well: most attacks can be dodged by hiding error messages and infrastructure information, getting authentication and session management right, and following the secure development practice cheat-sheets that abound on the internet. Those are the vital few. Having a Web Application Firewall (WAF) in front of your backend web server and a…

Continue reading: “On: DOM based XSS injection. The workings and the protection”