Collaborate Disseminate
I have an input field in a web that is being saved. This field can be shown in other systems that I do not have control over and that’s why I would like to limit what is allowed in this field, although I would like to allow s… Continue reading Which symbols can I whitelist to remain safe against SQL injection, XSS, and all other injections attacks?
I am trying to understand how DOM based XSS work, e.g. from this post, I managed to reproduce it in IE11, but e.g. Chrome and Firefox are immune at least against this exact example.
What happens is that document.baseURI and … Continue reading Is Dom based XSS still a valid security concern in modern browsers?
I have a 3rd party API that I need to connect to and they allow queries that can be formed by changing url parameters.
E.g. /data?startDate=2019-01-01 or /data?name=’John Doe’
It is easy to form these queries by concatenating strings, bu… Continue reading How to protect against injection into a 3rd party REST API?
Same origin policy is an important part of the security model so it is “on” by default for most things, but for the referer it does not seem to be so. The default for browsers seem to be no-referrer-when-downgrade which in pr… Continue reading Why does not Referer header use “same-origin” by default?
Let’s say i have an API at https://mysite/api/getSensitiveData that:
Uses GET
Protected with cookie authentication
Returns JSON with some sensitive data
A bad guy creates a site on his server that has an image tag:
<i… Continue reading Is some kind of CSRF possible using img tag to read sensitive information
We have a system that does async request to backend to get CSRF (via AJAX). The response from the server is a new cookie and a header that we remember in javascript and use later.
It all works fine until we open two tabs, t… Continue reading Is it secure to reuse CSRF token from existing cookie (for a new tab in browser)?
I have heard from my colleagues and some other people on web suggest that it is more secure to run this configuration:
Web server -> Application server -> Database, than this:
Web server -> Database
The reasons th… Continue reading Is web application connected to a database via an application server more secure?
I have seen in many places that people say that headers of the following types is a vulnerability:
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
I can see that this gives the attacker additional information so… Continue reading Is information disclosure in a form of a server header a real vulnerability?
There are many ways how an adversary can pretend that he is a legitimate user (like session cookie stealing, bruteforcing the password and what not), but as far as I can see it should be rather hard for them to go unnoticed i… Continue reading Why attack detection based on the same user request from different places (e.g. by IP) is not widely used?
Ssllabs does not give A+ (highest) rating if the server does not support TLS_FALLBACK_SCSV to prevent downgrade attack. But I am wondering, is it really any useful if the server legitimately provide support only for 3 latest versions of TL… Continue reading Is TLS_FALLBACK_SCSV useless if only TLS (1.0, 1.1, 1.2) is supported?