Tag Archives XSS

Thanksgiving is coming (1)

Black Friday sales have been a huge hit online. There has been a 21.6% year-on-year growth in buying during Black Friday, with sales estimated to be worth $3.34 billion! With the buying going online, there has been an increase in hacks as well. Hackers target your website or app with the sole motive of compromising your customers for financial gain. What's…

Manchester Chelsea Everton Vulnerable

There is no number we can put on the combined following of Manchester United, Manchester City & Everton. These football clubs have millions and millions of followers worldwide. While these clubs may be divided by their fans and beliefs, there is something that unites them: a security vulnerability! Yes, you heard it right. A critical security vulnerability was found by…

Prevent XSS in OpenCart

Common signs of your OpenCart store being vulnerable to Cross-site Scripting are malicious popups, credit card information theft and compromise of your users' usernames and passwords. While OpenCart takes security very seriously, new security issues may be discovered over time. Poorly coded extensions tend to be the #1 cause of security breaches. In this guide, we'll talk about what XSS is,…

Magento SUPEE-10266 and New Versions: Update Immediately

Magento, one of the most favored e-commerce platforms, is often a target for cyber-criminals. Its huge popularity owes to its strict security practices, a timely update of system core and immediate fixes to security issues. Magento's latest security update contains multiple security enhancements. These updates relate to the Magento Open Source (formerly Community Edition) and Magento Commerce (formerly Enterprise Edition).…

3 Most Common Vulnerabilities found in Joomla

Award-winning CMS Joomla is a popular choice for many businesses. Owing to its large user base, this CMS regularly encounters a wide range of security-related issues. In this article, we discuss 3 of the most common vulnerabilities encountered in various Joomla versions in the past. 1. SQL Injection Vulnerability: Recently, Joomla 3.7 became victim to an SQL Injection Vulnerability: CVE-2017-8917. Easily…

Recently, we published an update on a severe Magento vulnerability which was released by the DefenseCode team. Soon after, Bosko Stankovic (the DefenseCode researcher who discovered this Magento vulnerability) released a follow-up article. Bosko confirms that Magento would be patching these in the upcoming updates. Through this article, Astra aims to explain the severity of these vulnerabilities, and how one needs to…

5 Vulnerabilities 75% Websites Have

Internet security for online businesses and applications is an ever-pressing issue. While organizations are regularly updating their defense mechanisms against rising cyber-attacks, cyber criminals are constantly finding new hack techniques to break into firewalls and steal sensitive information. 2016 witnessed a steep rise in cyber-crime attacks, and insider threats were no exception, growing more prominent each year. Listed below are…

Cross Site Scripting XSS - Astra Security

Cross-Site Scripting (XSS) attacks are cited as one of the most rampant yet easily fixable injection attacks faced by e-commerce businesses and a variety of other web applications. From targeting applications built on archaic web technologies to newer ones using rich, client-side UIs, XSS has plagued them all. However, it is imperative to realize that vulnerabilities posing as a…

Magento-Module-XSS-AffiliatePlus-GetAstra.com

A couple of weeks ago, we were performing a security scan for a customer using a Magento shop. While auditing their website, our team found a critical vulnerability in the Affiliate Plus module. According to Affiliate Plus' website, 7000+ stores use the extension. This Affiliate Plus Magento module XSS vulnerability leaves a number of Magento stores vulnerable. About Affiliate Plus Magento Module XSS: When logged…
