Description: Bill Sempf - POINTs of interest
Bill Sempf
Seeing a couple of vulnerabilities floating around out there that are higher risk than they used to be. They are what the attackers are going after, since the focus on AppSec in both backend and frontend libraries is preventing a lot of code injection errors (which is a good thing, don't get me wrong).
Amazing what attackers can do with missing security headers these days. I recommend securityheaders.com to test your site. Even if you don't go full Content Security Policy, there is a lot that can, and should, be done.