Collaborate Disseminate
In the interest of security, is it safe to use HTTP (and not HTTPS) on a website where no sensitive information is being transmitted?
On a website that is purely informational, for example, and doesn’t even have the option to make an accou… Continue reading Is it safe to use HTTP if no sensitive information is being transmitted? [duplicate]
I have a question which I didn’t find an answer for :
I have a request like https://mywebsite.com/redirect/**any website to redirect to it**
In the backend, there is a check, where if the website the redirect goes to is the same domain/sub… Continue reading I have an open redirect but it requires referer header
I would like to set up som basic monitoring of outgoing traffic for a number of web applications and api´s running in AWS. E.g.
Ensure specific http headers are in place (Content-Security-Policy and Strict-Transport-Security must be pres… Continue reading Basic monitoring of web applications (http headers, HSTS)
Before any of you answer, "HTTPS is built on top of TLS and everything is encrypted"
I need to specify a very important note: I have FULL access to the client’s machine (Windows)
My requirement is that I need to capture HTTP(s) r… Continue reading How do I capture HTTPS requests with Python if I have full access to the user’s computer
My application uses GET for requests for the main application and POST for the API route.
I’ve read here that best HEAD should be allowed in best practice as crawlers etc can use it and it is generally considered safe (in the way GET is as… Continue reading Safe approach to HTTP request methods with a graphql/API application that only requires GET and POST
So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger responses that might indicate SQLi, XSS, CS… Continue reading Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?
I`m trying to perform a SSRF attack on a Hack The Box machine (editorial.htb). I’m trying to send a POST request using curl with the command
curl –data "hckyou.txt" -X POST http://editorial.htb/upload
The POST request in "… Continue reading Trying to send a POST request using curl to a HTB machine
Content removed because this was spam
If a company creates a self signed Root CA certificate and then install that in their computers’ store for trusted root certificates, then create a leaf certificate and install that on their internal server, then that certificate will be t… Continue reading What is the technical reason why HTTP/3 is not available when certificate is from private CA? [closed]
My question is, if somebody, today, in 2024, sent a password or a credit card number to some random HTTP website just once, how likely is that password or credit card number to be found on a hacker site in the future?
Another way to ask th… Continue reading HTTP: how likely are you to be compromised by using it just once?