hello.js

var please = require('share');
console.log('thank you');

Tuesday, 4 April, 2023 UTC

Creating a Kanban Board with Vue Draggable

A kanban board is a management tool that tracks and manages the team's activity in an organization or personal projects. It has a sequence of columns with different tracking categories or activities. An example of the Kanban board is the Trello board. ... more


Tuesday, 21 March, 2023 UTC

Jscrambler to partner with PCI Security Standards Council to help secure payment data worldwide

Jscrambler has joined the PCI Security Standards Council (PCI SSC) as a new Principal Participating Organization. Jscrambler will help drive the future of global payment security with a strategic level of leadership, participation, and influence with ... more


Tuesday, 14 March, 2023 UTC

Three things you need to know about PCI DSS v4.0

The Payment Card Industry (PCI) Data Security Standard (DSS) is a well-known general data security standard that is applicable to all organizations that store, process, or transmit payment card data. It was first released in 2006 by the Payment Card ... more


Tuesday, 7 March, 2023 UTC

The new PCI DSS v4.0 Requirements: a checklist to guarantee your company’s compliance

PCI DSS 4.0 contains two new requirements designed to protect against (requirement 6.4.3) and detect (requirement 11.6.1) e-commerce skimming attacks. These two new requirements are a best practice until 01 April 2025, after which they become mandatory ... more


Tuesday, 28 February, 2023 UTC

Understanding Routing in Next.js

In this tutorial, you'll learn the basics of how to route pages in your Next.js application. Throughout the course of this tutorial, I'll try to explain the different types of routing available in Next.js and how to use them with the help of an example. ... more


Wednesday, 22 February, 2023 UTC

Third-party scripts in e-commerce websites: is payment data at risk?

E-commerce websites are at constant risk of data skimming attacks because of unprotected JavaScript that runs on the payment page. More than 99% of all websites use JavaScript in some form, as it serves many purposes. Some directly, and others via a ... more


Tuesday, 14 February, 2023 UTC

How to manipulate DOM using a service worker

[in tech revision] Service workers are JavaScript workers that run in the background of a web page, act as a proxy between the web browser and the server, and can be used to manipulate the DOM (Document Object Model). They can be used to do things like ... more


Tuesday, 7 February, 2023 UTC

PCI London 2023: Taming the Client-Side Security Frontier

“I don’t have full control and visibility of third-party scripts on my website.” That is the most common concern we heard from security and risk professionals at PCI London 2023. The event’s theme: “Unravelling PCI DSS 4.0: Making the Great Leap Forward,” ... more


Tuesday, 31 January, 2023 UTC

Unit Testing in Angular

Unit testing is an important phase of software development. It helps in adding new enhancements without breaking the existing application features. There are a number of tools and frameworks for writing and running unit test cases. Here in the Angular ... more


Tuesday, 24 January, 2023 UTC

The battle for payment card data is taking place in your browser

Millions of people shop online every day using payment cards. The move to e-commerce was accelerated by the pandemic, particularly in companies and areas where an online transactional presence was not originally seen as a priority. And, despite some ... more


Monday, 5 December, 2022 UTC

Defcon Skimming: A new batch of Web Skimming attacks

Authors: Pedro Fortuna, Pedro Marrucho, David Alves. In the last few years, we’ve seen Magecart or Web Skimming Attacks become common. They operate in campaigns, trying to hit as many targets as possible. We’ve seen the modus operandi changing or evolving ... more


Tuesday, 8 November, 2022 UTC

Starting OWASP Lisboa: Giving back to the community

It has been almost twelve years since I first attended an OWASP event, the OWASP Summit 2011 in Portugal, and it was memorable. Unlike conferences, which are more formal, the purpose of the summit is to network and share ideas with OWASP volunteers and ... more


Friday, 28 October, 2022 UTC

Unraveling HTTP Parameter Pollution

In this blog post, let's learn about the lesser-known vulnerability known as HTTP Parameter Pollution or HPP, which affects multiple modern applications. We will go over what the reasons behind this bug are, a real-world experience and possible mitigation. ... more


Saturday, 10 September, 2022 UTC

Understanding Context API In React.js

Data is one of the essences of any application. For a web app to be functional it requires the data to flow from one part of the application to another. From a React or Angular application's perspective, for an app to be up and running data needs to ... more


Thursday, 25 August, 2022 UTC

Jscrambler Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

Each year, Gartner creates more than 100 Hype Cycles across various domains to help clients track the maturity and future potential of innovations. The Hype Cycle for Application Security, 2022 [1] states that “Client-side attacks have proliferated recently, ... more


Thursday, 28 July, 2022 UTC

Addressing OWASP MASVS-R with Jscrambler

In this post, we will address the role of OWASP’s MASVS-R, the Mobile Application Security Verification Standard, the application standard for mobile applications security, and how we can address it with Jscrambler. This regulation helps developers increase ... more


Friday, 15 July, 2022 UTC

12 Frameworks for Hybrid Mobile Apps

Working with hybrid mobile app frameworks makes life easier for developers as they are able to write code once and build mobile applications that run on the main platforms with no extra effort. The application will run on Android and iOS and the code ... more


Friday, 1 July, 2022 UTC

Cross-site Scripting (XSS)

Cross-site scripting is a vulnerability that happens when there’s an injection of malicious code to run on a regular webpage. This piece of code can go on to cause unauthorized actions and access data. Many times, these attacks seem to be a legitimate ... more


Tuesday, 21 June, 2022 UTC

Preventing Skimming Attacks and Enabling PCI DSS Compliance

E-commerce skimming, also known as form-jacking or Magecart attacks, represents the majority of criminal attacks against payment card data. They are simple to do and are hidden from the merchant or retailer, and the cardholder. It is for this reason ... more


Friday, 3 June, 2022 UTC

Getting Started with React Navigation v6 and TypeScript in React Native

When you have a complex mobile application structure or many screens in your application, handling navigation can become tricky. However, with open-source libraries like React Navigation, the process of implementing navigation patterns becomes easier. ... more


Tuesday, 17 May, 2022 UTC

10 Classic Games Recreated in JavaScript

Are you a gamer? Are you a child of the 80s and 90s? If the answer to these two questions is yes, this might be the best post you see today. Those classic games you played in the arcade with your friends or relatives at every family get-together aren’t ... more


Tuesday, 10 May, 2022 UTC

Application Security in Banking

In recent years, we have seen the technologies used for creating web products develop rapidly, and JavaScript became the predominant language of the Web. In fact, JavaScript is part of 97% of modern websites and every single Fortune 500 company is using ... more


Friday, 6 May, 2022 UTC

Steganography in Magecart Attack

About a month ago, we came across a report about the discovery of another Magecart infection. Even though this infection was first detected in a known consumer electronics retailer, the same skimmer was also detected being used on over a dozen other ... more


Friday, 22 April, 2022 UTC

Browser-in-the-Browser: A New Wave of Picture-in-Picture Phishing Attacks?

Phishing attacks are a form of social engineering attacks and are responsible for more than 80% of the reported security incidents. In this blog post, we are going to talk about the browser in the browser (BitB) attack and the different approaches used ... more


Friday, 8 April, 2022 UTC

Working with Angular Local Storage

Storage means a space for putting things for future use. From a web application perspective, storage can be broadly classified into two types: server-side storage and client-side storage. Server-side storage points to the many different types of database ... more


Friday, 18 February, 2022 UTC

JavaScript Obfuscation: The Definitive Guide (2022)

This blog post aims to provide the most detailed and comprehensive guide to JavaScript obfuscation in 2022. Familiarity with JavaScript and npm is a plus, but not necessary to follow this guide. Let’s get into it! Chapter 1: What is Obfuscation of Code? ... more


Thursday, 20 January, 2022 UTC

Implementing Infinite Scroll with React Query and FlatList in React Native

Infinite Scrolling is a way to implement pagination in mobile devices. It is common among mobile interfaces due to the limited amount of space. If you use social media applications like Instagram or Twitter, this implementation is commonly used across ... more


Sunday, 16 January, 2022 UTC

Development Predictions for 2022

Over the last couple of years, we have witnessed the acceleration of the shift towards digitalization due to the COVID-19 pandemic. And with each new year, come new trends in the software development ecosystem that all developers should be aware of in ... more


Thursday, 9 December, 2021 UTC

Keeping Magecart Off The Holiday Stocking: Quick Guide

What are Magecart web skimming attacks? Magecart is a collective name given to cybercriminals who inject digital credit card skimmers (or web skimmers) into e-commerce and payment websites. Though they've operated since 2015, they’ve gained momentum ... more


Thursday, 11 November, 2021 UTC

How To Protect Your Code While Using Gulp

As the web development ecosystem grew, with frameworks and libraries becoming the status quo, build tools quickly became an essential part of the dev toolchain. Gulp has been one of the most widely adopted task runners, as it provides lots of flexibility ... more