Collaborate Disseminate
I would like to create a secure chat application for multiple users on a device. The user have to login to the app before using the chat application.
My thought was to store a private key in SharedPreferences, check if the device is rooted… Continue reading Secure chat application with multiple users on one device?
I had a hard time convincing a bug I reported that it was a bug bounty program. It seems to be more of a discussion than a question.
Scenario: Users shop on the shopping site. The categories of these purchases are drawn from an endpoint un… Continue reading Does the IDOR vulnerability have to be sensitive data?
I’m working on a big monolithic application which uses thousands of open source/third party libraries. It is painful every time if we need to upgrade or patch a component because of security vulnerabilities, performance, or other reasons.
… Continue reading How to manage the Open Source/Third Party libraries used in a big monolithic application?
This really doesn’t seem safe to me, and I am wondering if there is a MITM attack happening or if this is somehow legit. I am worried something might be happening with my company’s payroll data. Here is my investigation so far:
I am creating a react native mobile application using Expo. This app simply renders information – there is no data collection or entry, no user accounts, no database (other than JSON storage). There is not a single input box in the entire … Continue reading Static react native app security issues
Are libraries inherently more vulnerable than in-house application code?
The speaker of this talk generally advises folks against creating wrapper libraries for Erlang in Elixir rather than just writing the code in Erlang. One of the reaso… Continue reading Vulnerability: Standalone Library vs. Same Code Elsewhere
Is there a burpsuite-like framework for Windows Desktop applications? I.e. I’m looking for something that would allow me to intercept user-input data sent to my application for manipulation to test specific payloads. I’m assuming this woul… Continue reading Penetration testing framework for Windows Desktop applications
I am trying to find bugs in a source code in php and I found this
<?php
$Key=$_POST["key"];
$FileName=$_POST["filename"];
$FileData=$_POST["filedata"];
$Key=(base64_decode($Key));
$FileName=(ba… Continue reading File can upland bug works on my localhost but it’s not working on the server [closed]
I wanted to explicitly define the referrer-policy as "strict-origin-when-cross-origin" in my web application. However, "strict-origin-when-cross-origin" is the browser’s default policy when no referrer-policy is set exp… Continue reading Is it recommended to set Referrer-Policy explicitly when the browsers already has a default policy?
Wasn’t really sure where to ask this but this seemed like a good place to start.
I work in CIS. I have a system where all users request software. I’m looking for a service (API) to call that I can get back information about the matching so… Continue reading Looking for a software directory service [closed]