Validate server certificate’s chain of trust in ajax call [closed]

I’m using Ajax to serve some static HTML pages as modal boxes. I got a report from Veracode saying that I should validate the server’s SSL certificate and the chain of trust in the Ajax call to ensure there are no man-in-the-middle attacks …

Can somebody explain why the IP address 192.168.1.1 is apparently "special" and not following the CORS rules?

I asked this question: What would happen if some random webpage made an Ajax request for http://127.0.0.1/private.txt?

The answers/comments confuse me. Am I right in interpreting them like this?

“Even though Ajax requests t…

Does the HTML password field include any protection against XHR/AJAX exfiltration?

In HTML when we describe a certain field as a password field is it somehow secured against sending out the data via XHR/AJAX/similar technologies?

This is relevant in case we have to deal with script injection and similar at…

Is it possible to exfiltrate a router config file to server using csrf ajax?

The curl command used to download the file:

curl "http://192.168.1.1/html/management/downloadconfigfile.conf?RequestFile=/html/management/cfgfile.asp" -H "Cookie: SessionID_R3=dsadwdwqdasdwasdawd" --data "csrf_token=saddasdwa…

Does OWASP recommend to include a CSRF-token in a header or to use it as a parameter (in a State-scenario)?

The CSRF Cheat Sheet by OWASP, concerning (anti-)CSRF tokens, is quite confusing.
For a stateful scenario (the Synchronizer Token Pattern), they write:

… for AJAX calls it is recommended to add in parameter than in hea…