Security scan with, or without, IP whitelisting in the firewall and isn’t that introducing a weak point?

In the case of an automated security scan, is it more desirable to get the scanner IP addresses whitelisted in order to possibly find vulnerabilities behind the firewall, or to scan in front of/against the firewall?

Example scena…

Is the undesirable conversion of a scientific number a vulnerability?

I noticed in several penetration tests that PHP is converting values like 1e9 to 1000000000 while the max accepted string length of this number is 3 (in the database storage and as maxlength property on the HTML forms).

Nev…