
A blog mainly about web application security and other web-related technologies, written by a Japanese web application security researcher.

Owner: yujikosuga

Listed in: Computers

Language: English

Tags: web, security, application, internet




Latest Blog Posts for Yuji Kosuga's Blog

  • Stored XSS on Facebook Pages Manager
    on Nov 12, 2012 in facebook xss
    Facebook Pages Manager is an iOS application that makes it easier for page admins to view insights, respond to the audience, comment on the pages, etc. There was a stored XSS vulnerability in the versions before 1.4, which was released in the middle...
  • CSRF and stored XSS in Amazon Wishlist
    on Nov 12, 2012 in amazon xss
    The Amazon Wishlist was vulnerable to both CSRF and stored XSS. I discovered these vulnerabilities separately, but I'd like to describe both of them in one blog post here. Even though neither of these vulnerabilities would have had a big impact by th...
  • Stored XSS on Facebook Developers
    on Oct 13, 2012 in bounty facebook xss
    A month ago, I discovered a stored XSS vulnerability on the Facebook Developers website. Even though a developer's page can be only accessed by its application developers, an attacker could easily grant other users permission to view the page by invi...
  • Summary of my vulnerability report during March, 2012
    on May 3, 2012 in security sqlia web xss
    I summarized the number of web application vulnerabilities that I reported during March, 2012. Reported and fixed: 11 vulnerabilities. Reported but not fixed yet: 6 vulnerabilities. Not reported yet: 4 vulnerabilities. This is the correlatio...
  • XSS vulnerability in about.me
    on Feb 18, 2012 in attack security xss
    About.me was vulnerable to a persistent XSS attack. A malicious user could have activated an arbitrary JavaScript in any visitor's browser. About.me allows users to display their contents from external social media websites such as Twitter,...
  • post4a.js: POST for Anchors to Prevent Referrer Information Leakage
    Lately, much attention has been focused on information leakage stemming from the HTTP Referrer. As far as I saw in The Wall Street Journal, I found these articles: Former FTC Employee Files Complaint Over Google Privacy on Oct. 7; Facebook in Privacy Breach o...
  • My dissertation
    on Feb 2, 2012 in security sqlia xss
    This is my dissertation submitted to Keio University in August 2011. A Study on Dynamic Detection of Web Application Vulnerabilities
  • My old presentation about SQL injection
    on Feb 2, 2012 in attack security slide sqlia web
    This is my old presentation that I made for ACSAC 2007 about an SQL injection detection technique. I placed it online simply because I want anyone to use this information more. I'm gonna upload other slides when I come to think they are worthy. Thank...
  • Teach Japanese in the US in this spring
    on Feb 2, 2012 in Diary japanese teaching trip
    This spring, I will teach Japanese at a high school in Memphis, TN. I'm not a qualified teacher but got a chance to support Japanese classes. During my stay there, the school will take spring break for a week. Then I'm going on a road trip to OH, NYC...
  • post4a.js Demo
    I introduced a small JavaScript library that sends a POST request with an Anchor HTML tag in the last post. Today I made the post4a.js project web page with its demonstration in this page. The web page has two demos: one for successfully sending a...