Code Audit Archives - 7ASecurity Blog https://7asecurity.com/blog/ 7ASecurity Blog With Cybersecurity Tips and Tools Thu, 09 Jul 2026 13:09:37 +0000 en-US hourly 1 https://7asecurity.com/blog/contents/uploads/2019/06/favicon.ico Code Audit Archives - 7ASecurity Blog https://7asecurity.com/blog/ 32 32 PCI Vulnerability Management: Find, Fix, Verify Cyber Risks https://7asecurity.com/blog/2026/06/pci-vulnerability-management-find-fix-verify-cyber-risks/ Fri, 26 Jun 2026 11:54:43 +0000 PCI vulnerability management is the process of finding, prioritising, fixing, and verifying weaknesses that affect payment environments. It supports PCI DSS v4.0.1, but it requires more than a scan schedule. Teams need asset scope, recurring scans, penetration testing, remediation ownership, and fix verification. Patching is only part of the answer. Teams need proof that the …

The post PCI Vulnerability Management: Find, Fix, Verify Cyber Risks appeared first on 7ASecurity Blog.

]]>
Iframe XSS: postMessage, CSP, Sandboxing, & Clickjacking https://7asecurity.com/blog/2026/06/iframe-xss-security/ Fri, 19 Jun 2026 08:18:21 +0000 Iframe XSS Explained: Trust Boundaries, Messages, and Embedded Content Iframe XSS isn’t one single bug class. It can refer to XSS inside framed content, unsafe srcdoc, user-controlled iframe sources, weak postMessage handling, over-trusted widgets, or parent pages that trust child frames too much. The fix starts with trust boundaries: control iframe sources, sandbox untrusted content, …

The post Iframe XSS: postMessage, CSP, Sandboxing, & Clickjacking appeared first on 7ASecurity Blog.

]]>
Code audit for the Tor Project by 7ASecurity https://7asecurity.com/blog/2026/01/tor-security-audit-by-7asecurity/ Fri, 30 Jan 2026 08:38:00 +0000 For the past three years, the Tor Project has been working to improve the tools, resources, and protocols used to monitor the health of the Tor network. This work aims to strengthen the Tor network's resilience and resist relay attacks. As part of this effort, in July and August 2025, 7ASecurity conducted a code audit of those …

The post Code audit for the Tor Project by 7ASecurity appeared first on 7ASecurity Blog.

]]>
7ASecurity Completes Disguiser Framework Audit https://7asecurity.com/blog/2024/03/7asecurity-completes-disguiser-framework-audit/ Wed, 06 Mar 2024 08:03:47 +0000 About Disguiser   Disguiser is a novel framework that enables end-to-end measurement for accurately and comprehensively investigating global internet censorship practices. It’s challenging to conduct large-scale internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of “ground truth” on the expected responses from legitimate services, …

The post 7ASecurity Completes Disguiser Framework Audit appeared first on 7ASecurity Blog.

]]>