Collaborate Disseminate
Recently I came across a website and when clicking on one of hyperlinks it displayed a HTTP 500 error page as shown in the image, which indicated that it is using Java Server Pages and on line 23 the code read as
Connection con = Driverma… Continue reading Backend database username and password revealed in JSP Page
In the past I have dealt with security issues related to Default Service Banners/Verbose Headers/Information Leakage via HttpResponse Headers. These issues are quite common, and usually look something like this for an Asp.Net – IIS Server… Continue reading HttpResponse Headers Information Leakage on Server Error (Verbose Headers)
I know that HTTP requests made by the site get the browser’s localStorage for a site, and document.cookie is encrypted for HTTPs websites, but I’m still wondering the risk of storing sensitive information, because even if the hacker got th… Continue reading Cookies VS localStorage (JavaScript Security)
Several sites require me to input far too many personal details in order to register. This now includes phone numbers, which they have zero legitimate uses for – they are never used after the initial validation step – but when their databa… Continue reading Which information is disclosed to a merchant when paying online with a credit card?
So I have to deploy a container containing the backend into the clients network, (they have policies about data not leaving premise). But how do i secure my container to prevent the client from getting access to the core code?
Continue reading How to secure container to prevent sensitive information leak? [duplicate]
Say I cloned a repo, then maybe worked on it a bit. Then I reverted/pushed all changes, so my friend has all the repo files. Is it safe for me to send him the .git folder? Is there any private information there, such as my username, my ema… Continue reading Is it safe to share .git folder of a public repo?
My question is more towards how this is implemented. I mean do they expose apis to each other or store data at a common place to be accessed by others. Please excuse me if it seems too naive.
Continue reading How do mobile apps share details with each other to show customized ads
When we want to send a message that contains only a link – such as a question from the Stack Exchange network – WhatsApp displays information from the website as below:
Does this leak information about what was sent, and from who, and to … Continue reading Does WhatsApp’s link preview on the link messages leak information?
Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. Continue reading Dating Site Bumble Leaves Swipes Unsecured for 100M Users
if the url (generated by me on ngrok and listening to it) supplied in the blocked-uri parameter of another csp report submitted to a sentry server, is getting get requests from cache.google.com and other cache servers like atmc and ncren n… Continue reading Is this usual occurrence or SSRF?