The nVisium Blog

CSAW Qualifiers: Lawn Care Simulator Walkthrough

Published on September 20, 2015 by John Poulin

For those who aren't familiar, CSAW is an annual Capture the Flag (CTF) event hosted by NYU Polytechnic School of Engineering. It is a CTF intended for undergraduate students, but the qualifiers are open to anyone.

This post will walk you through one of the medium-difficulty web-application challenges.


Crossed by Cross-Site-Scripting: Exploring the Impact of XSS

Published on September 11, 2015 by Nikhil Charles

When I started my summer internship at nVisium, I was very new to the world of application security. One of my first tasks was to become familiar with the OWASP Top Ten. It took some time for me to understand the impact of these vulnerabilities, but XSS seemed rather harmless given that all the proof-of-concept exploits were simply alert boxes saying "xss." It turns out, however, that XSS is far more dangerous than it appeared at first glance.

In this post, we'll explore some of the risks associated with XSS and how you can defend your own applications from this type of attack.


The Evil Side of JavaScript: Server-Side JavaScript Injection

Published on August 27, 2015 by Anand Vemuri

Ever since its humble inception, JavaScript has gained a lot of traction in the world of software development. What originally started as an experimental language meant to increase responsiveness in the browser has evolved into a full-fledged language with the capability to produce full stack web applications.


Introducing Django.nV: An Intentionally Vulnerable Django Application

Published on August 13, 2015 by nVisium Team

nVisium is proud to announce the release of Django.nV, an intentionally vulnerable project management application. As with all of the 'nV' suite of applications, Django.nV demonstrates a series of common vulnerabilities in the context of a modern application. The flaws within the application include vulnerabilities ranging from the OWASP Top 10 (Injection, Insecure Direct Object Reference) to some Django-specific issues (Mass Assignment and Insecure Settings).


nVisium Makes Inc.'s 500 Fastest Growing Private Companies

Published on August 12, 2015 by nVisium Team

nVisium is extremely proud to be ranked #431 on the Inc. 500 list of America's fastest growing private companies this year. nVisium has seen a surge in growth over the last few years, with a three-year growth rate of 1,087.4%. As a privately funded and completely bootstrapped company, we attribute this success to several factors.


Mitigating JavaScript context Cross-Site Scripting in PHP

Published on July 30, 2015 by John Poulin

Cross-Site Scripting (XSS) is a vulnerability I personally spend a lot of time researching and writing about. This is largely due to the fact that XSS is EVERYWHERE!

This post will demonstrate how we can mitigate JavaScript context XSS in PHP applications.

