Collaborate Disseminate
So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger responses that might indicate SQLi, XSS, CS… Continue reading Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?
On numerous sites (but none specifically), this is what I’m talking about:
I understand the purpose of this, but I don’t really understand how it works. How does it know I’m not s script or program?
It doesn’t have a puzzle captcha that y… Continue reading How do automatic captchas like Cloudfare work? [closed]
This is something I’m wondering but just can’t figure out.
A lot of my somewhat older relatives have pieces of tape over their laptop cameras, and when I asked them why, their somewhat open ended response was “so hackers can’t see me.”
And… Continue reading Likelihood of attackers using the webcam of a compromised machine [closed]
I have heard numerous, numerous times that Googling your password to anything (like is Pass124 a good password), is a very bad idea- and surprisingly there is no question (that I could find) on this site asking why this is.
Some points I h… Continue reading How dangerous is it to Google my password? [duplicate]
When I was originally developing my website, I made sure to include cross-site request forgery tokens in most endpoints and forms, etc., because I knew it was a highly recommended thing to do.
But of course, as time went on and my site gre… Continue reading Does the absence of CSRF tokens need to be fixed as soon as possible?
Firstly, this is purely hypothetical and has not happened to me.
So let’s say that a friend wrote me down a URL he said I should visit, so I type the URL into my address bar but accidentally type a ‘ instead of a ” in a GET parameter, and … Continue reading Is accidental “hacking” illegal? [closed]
A few days ago, I thought of an idea that I haven’t heard of being implemented into SQL databases (not that I know a lot about the topic)- and I want your opinions on whether it is any good- and correct me if I’m wrong about it not already… Continue reading Could post-execution filtering help stop SQLi data theft?
There would be absolutely no reason to access my website through Tor. It is just a plain old website that has no (controversially or politically) interesting information and is primarily used for work.
But in a traffic analysis I have cond… Continue reading Is it normal or concerning that a significant number of users are accessing my website through Tor? [migrated]
The Secure Enclave is isolated from the main processor to provide an extra layer of security and is designed to keep sensitive user data secure even when the Application Processor kernel becomes compromised.
This information is sourced A… Continue reading How do regular software updates to Apple’s secure enclave remain secure?
There are plenty of questions on this site about how to report a vulnerability (such as SQLi or XSS,) but none of them really answer my question of who to.
I understand for a big corporation (although not all,) such as a government website… Continue reading If a vulnerability is discovered on a website, is it better to contact the business owner or site designer/owner? [closed]