The anchor (<a>) HTML tag is commonly used to provide a clickable link for a user to navigate to another page. Did you know it is also possible to set the HREF attribute to execute JavaScript. A common technique is to use the onclick event of the anchor tab to execute a JavaScript method when the user clicks the link. However, to stop the browser from actually redirecting the HREF can be set to javascript:void(0);. This cancels the HREF functionality and allows the JavaScript from the … [Read more...] about JavaScript in an HREF or SRC Attribute
static analysis
Does SAST and DAST Really Require Security Experts To Run Them?
There is no argument that automated tools help quickly identify many of the vulnerabilities found in applications today. Tools are typically categorized into one of the following three categories: Dynamic Application Security Testing (DAST) - analyzes the running application. Static Application Security Testing (SAST) - analyzes the source or byte code of the application. Interactive Application Security Testing (IAST) - uses agents installed on the web server to instrument the application … [Read more...] about Does SAST and DAST Really Require Security Experts To Run Them?
Static Analysis: Analyzing the Options
When it comes to automated testing for applications there are two main types: Dynamic and Static. Dynamic scanning is where the scanner is analyzing the application in a running state. This method doesn't have access to the source code or the binary itself, but is able to see how things function during runtime. Static analysis is where the scanner is looking at the source code or the binary output of the application. While this type of analysis doesn't see the code as it is running, it has … [Read more...] about Static Analysis: Analyzing the Options