• About Security Compass

  Security Compass is an industry-leading information security consulting firm, specializing in secure software development and training.

  To request additional information about Security Compass and get started on your strategic security solutions:

  Learn more Contact us

• About SD Elements

  SD Elements makes securing software easier while building compliance into your application.

  To learn more, visit our website.

• Categories

  • Android
  • Apple
  • Application Security
  • Compliance
  • Conferences
  • Events
  • Featured
  • Guest Post
  • Management
  • Mobile Security
  • podcast
  • SD Elements
  • Security Frameworks
  • Training
  • Tutorials
  • Uncategorized
  • Videos
  • Whitepapers
  • Wireless Security

• Tags

  android hacking, iOS hacking, mobile training, pci, requirements, agile, course, free, isc2, linkedin, pci-dss, compliance, pci compliance, whitepaper, mobile hacking, mobile security, pci training, owasp training, regulatory, tailored training, quality, rsa, apple, safety, exploit-me, sector, toorcon, phishing, video, malware, jsf, banking, mobile, research, case study, culture, xss, sd elements, android, sdlc, training, tutorial, mobilesec, owasp, appsec

• @SecurityCompass

  • 8 Ways You Could Get Hacked on Your Summer Vacation http://t.co/vE2PqQnGI0 - posted 2 weeks ago
  • How medical imaging startup Image32 is using SD Elements to build security and compliance in: http://t.co/1uCdyW6SJQ #AppSec - posted 3 weeks ago
  • Security Compass Launches "NFC Village" Hands-On Hacking Lab for North American Information Security Conferences http://t.co/vArwNk3YRE - posted 4 weeks ago
  • 6 Hot Cloud Apps to Boost Your IT Department’s Efficiency and Productivity | SD Elements Blog - Application Security http://t.co/jpHIfPCNjB - posted 4 weeks ago

Tag · xss

Domain-Driven Security

posted on Jan 21, 2011 by seccom 0

by Rohit Sethi and Yuk Fai Chan The Problem We have a pervasive problem in our field. We lump two disparate classes of security weakness together. Some articulate the difference as “business logic” vs. “technical” or “semantic” vs. “syntactic”. I’d like to build on a familiar term to developers: “domain”. Each kind of software weakness…

Tweet

The True Danger of XSS and CSRF

posted on May 15, 2009 by Rohit Sethi 0

In our one-day training classes and conference talks we make judicious use of videos to demonstrate concepts. One of the most popular videos illustrates the true danger of Cross-Site Scripting (XSS) combined with Cross-Site Request Forgery (CSRF). We constructed a fake bank site and demonstrated that a single XSS vulnerability and money transfer functionality in the bank site could…

Tweet