temporary_user_name – WindowsTechs.com

What stops a malicious user from hitting an endpoint with falsified data from the console of a webpage?

Posted on March 1, 2024 by temporary_user_name

I’m a little bit of an amateur on API security. I’m building a browser-based puzzle with a leaderboard, and I’m wondering what prevents a user from simply hitting the /success endpoint with data that basically equates to { time: ‘3s’ } aut… Continue reading What stops a malicious user from hitting an endpoint with falsified data from the console of a webpage?→

Is the double submit cookie pattern still effective?

Posted on November 6, 2019 by temporary_user_name

I ran across this OWASP paper and was frankly confused. I thought this pattern was still one of the cornerstone strategies against CSRF but the paper seems to say it’s broken. Should this pattern still be used?

https://www.owasp.org/image… Continue reading Is the double submit cookie pattern still effective?→