Some 80% of applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, according to new research conducted by Veracode. The app security firm today released a ...

The Open Web Application Security Project (OWASP) has published a new version of its infamous Top 10 vulnerability ranking, four years after its last update, in 2013. The OWASP Top 10 is not an ...

Access control vulnerabilities and misconfigurations occur more often than any other security weakness and took the No. 1 spot on a top 10 list of Web application security risks, according to a draft ...

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are urging organizations to focus on eliminating cross-site scripting vulnerabilities in ...

Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications. Most automated scanning and security ...

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...

Salesforce.com patched a cross-site scripting vulnerability on one of its domains that could have led to phishing attacks. Salesforce.com has patched a vulnerability on one of its subdomains that ...