A kanban board is a management tool that tracks and manages the team's activity in an organization or personal projects. It has a sequence of columns with different tracking categories or activities. An example of a kanban board is the Trello board. ...
Jscrambler has joined the PCI Security Standards Council (PCI SSC) as a new Principal Participating Organization. Jscrambler will help drive the future of global payment security with a strategic level of leadership, participation, and influence with ...
The Payment Card Industry (PCI) Data Security Standard (DSS) is a well-known general data security standard that is applicable to all organizations that store, process, or transmit payment card data. It was first released in 2006 by the Payment Card ...
PCI DSS 4.0 contains two new requirements designed to protect against (requirement 6.4.3) and detect (requirement 11.6.1) e-commerce skimming attacks. These two new requirements are a best practice until 01 April 2025, after which they become mandatory ...
In this tutorial, you'll learn the basics of how to route pages in your Next.js application. Throughout the course of this tutorial, I'll try to explain the different types of routing available in Next.js and how to use them with the help of an example. ...
E-commerce websites are at constant risk of data skimming attacks because of unprotected JavaScript that runs on the payment page. More than 99% of all websites use JavaScript in some form, as it serves many purposes. Some directly, and others via a ...
Service workers are JavaScript workers that run in the background of a web page, act as a proxy between the web browser and the server, and can be used to manipulate the DOM (Document Object Model). They can be used to do things like ...
“I don’t have full control and visibility of third-party scripts on my website.” That is the most common concern we heard from security and risk professionals at PCI London 2023. The event’s theme: “Unravelling PCI DSS 4.0: Making the Great Leap Forward,” ...
Unit testing is an important phase of software development. It helps in adding new enhancements without breaking the existing application features. There are a number of tools and frameworks for writing and running unit test cases. Here in the Angular ...
Millions of people shop online every day using payment cards. The move to e-commerce was accelerated by the pandemic, particularly in companies and areas where an online transactional presence was not originally seen as a priority. And, despite some ...
Authors: Pedro Fortuna, Pedro Marrucho, David Alves. In the last few years, we’ve seen Magecart or Web Skimming Attacks become common. They operate in campaigns, trying to hit as many targets as possible. We’ve seen the modus operandi changing or evolving ...
It has been almost twelve years since I first attended an OWASP event, the OWASP Summit 2011 in Portugal, and it was memorable. Unlike conferences, which are more formal, the purpose of the summit is to network and share ideas with OWASP volunteers and ...
In this blog post, let's learn about the lesser-known vulnerability known as HTTP Parameter Pollution or HPP, which affects multiple modern applications. We will go over the reasons behind this bug, a real-world experience, and possible mitigations. ...
Data is one of the essences of any application. For a web app to be functional, it requires the data to flow from one part of the application to another. From a React or Angular application's perspective, for an app to be up and running, data needs to ...
Each year, Gartner creates more than 100 Hype Cycles across various domains to help clients track the maturity and future potential of innovations. The Hype Cycle for Application Security, 2022 [1] states that “Client-side attacks have proliferated recently, ...
In this post, we will address the role of OWASP’s MASVS-R, the Mobile Application Security Verification Standard, the application standard for mobile application security, and how we can address it with Jscrambler. This standard helps developers increase ...
Working with hybrid mobile app frameworks makes life easier for developers, as they are able to write code once and build mobile applications that run on the main platforms with no extra effort. The application will run on Android and iOS, and the code ...
Cross-site scripting is a vulnerability that happens when there’s an injection of malicious code to run on a regular webpage. This piece of code can go on to cause unauthorized actions and access data. Many times, these attacks seem to be a legitimate ...
E-commerce skimming, also known as form-jacking or Magecart attacks, represents the majority of criminal attacks against payment card data. They are simple to do and are hidden from the merchant or retailer, and the cardholder. It is for this reason ...
When you have a complex mobile application structure or many screens in your application, handling navigation can become tricky. However, with open-source libraries like React Navigation, the process of implementing navigation patterns becomes easier. ...
Are you a gamer? Are you a child of the 80s and 90s? If the answer to these two questions is yes, this might be the best post you see today. Those classic games you played in the arcade with your friends or relatives at every family get-together aren’t ...
In recent years, we have seen the technologies used for creating web products develop rapidly, and JavaScript became the predominant language of the Web. In fact, JavaScript is part of 97% of modern websites, and every single Fortune 500 company is using ...
About a month ago, we came across a report about the discovery of another Magecart infection. Even though this infection was first detected in a known consumer electronics retailer, the same skimmer was also detected being used on over a dozen other ...
Phishing attacks are a form of social engineering attack and are responsible for more than 80% of the reported security incidents. In this blog post, we are going to talk about the browser-in-the-browser (BitB) attack and the different approaches used ...
Storage means a space for putting things for future use. From a web application perspective, storage can be broadly classified into two types: server-side storage and client-side storage. Server-side storage points to the many different types of database ...
This blog post aims to provide the most detailed and comprehensive guide to JavaScript obfuscation in 2022. Familiarity with JavaScript and npm is a plus, but not necessary to follow this guide. Let’s get into it! Chapter 1: What is Obfuscation of Code? ...
Infinite scrolling is a way to implement pagination on mobile devices. It is common in mobile interfaces due to the limited amount of space. If you use social media applications like Instagram or Twitter, this implementation is commonly used across ...
Over the last couple of years, we have witnessed the acceleration of the shift towards digitalization due to the COVID-19 pandemic. And with each new year come new trends in the software development ecosystem that all developers should be aware of in ...
What are Magecart web skimming attacks? Magecart is a collective name given to cybercriminals who inject digital credit card skimmers (or web skimmers) into e-commerce and payment websites. Though they've operated since 2015, they’ve gained momentum ...
As the web development ecosystem grew, with frameworks and libraries becoming the status quo, build tools quickly became an essential part of the dev toolchain. Gulp has been one of the most widely adopted task runners, as it provides lots of flexibility ...