Author : Davide Cavallini Today I will try to use the same dialectic ( as previously done in the article on SQL injection ), and explain in a simple way what Cross Site Scripting is. Cross-Site Scripting, also called XSS, is a type of attack that isn’t directed at the server, like SQL injections, but at the client. It’s a JavaScript-based attack that runs in the user’s browser ( Chrome, Firefox, Internet Explorer, etc. ) when a website is visited. This may seem like an unhelpful type of attack, as the browser has various protections that protect the reading of local files

Good morning everyone. I’m Davide Cavallini, a web developer and penetration tester. Today I’m going to talk about injections. There are various types, but what does it conceptually mean to inject? I’ve thought about it, and I think I have a universal answer. Injections explained simply Let’s take a simple example. We have a request to submit to the municipality to obtain a certificate. The request form is this: Normally, the form should be filled out by writing your name in the space provided. The name itself, in computer jargon, is defined as a “ parameter ”, as it is precisely a

In the vast landscape of computing, increasingly insidious threats emerge that jeopardize the online security of both companies and ordinary users. In this context, phishing attacks represent one of the greatest dangers, capable of deceiving even the most vigilant and informed individuals. Recently, our Red Hot Cyber team, comprised of S.D., who wishes to keep their identity confidential, Davide Cavallini, penetration tester and programmer, and Davide Santoro, cybersecurity analyst, made a surprising discovery in the Italian cybersecurity landscape. It’s a particular phishing attack characterized by a sophisticated deception technique and likely originating from Iranian regions. This attack stands out for its insidious