Web Security

Phishing attacks

By Thanos Giannopoulos | Terminology and Guidelines | No Comments

Phishing attacks are an example of social engineering, a technique that uses psychological manipulation to lure people into performing unwanted actions or disclosing confidential information. Most of the time, phishing attacks trick users into entering their private information into fake websites that impersonate legitimate ones by copying their look and feel. Usually, such an attack is carried out through a link to a phishing website placed in a phishing email, that is, an email that tries to lure the potential victim into visiting the phishing website. A link to a phishing website can also be found in the results…


Content Security Policy

By Linos Giannopoulos | Terminology and Guidelines | No Comments

Content Security Policy (CSP) is a security layer that all modern browsers support, with minor differences in how it is handled [1]. CSP was designed to mitigate application attacks such as Cross-Site Scripting (XSS) [2] and clickjacking; notably, such attacks have been popular for more than ten years. A developer can employ CSP to restrict (in a whitelist / blacklist manner) the sources from which the application can receive content. Such content involves several elements: frame-src, which specifies valid sources for nested browsing contexts using elements such as <frame> and <iframe>; img-src, which specifies valid sources for images and favicons; script-src:…
