Collaborate Disseminate
I am working on site which returns URL’s argument into <title>URL ARGUMENT</title>, I am trying to bypass XSS filter but in response site just filter any of < > , # , " , ‘ , & this characters.
for example this i… Continue reading Bypass <> XSS , site translate tags
I’m using React.js (with react-router for serving content) for frontend with a golang backend.
For the authentication I’m using JWT. But I’ve now stumbled upon a problem. How do I keep users from accessing some pages? I’ve no problem restr… Continue reading How to restrict pages on React.js using JWT?
Frontend communicates to backend.
I am a developer of frontend and backend.
I want to protect my app (prohibit end user from using my app without paying).
The only thing I have in mind is to have some middle point, some my server.
Frontend… Continue reading How to protect client server app if both: client and server – located on client side?
I have been working on a front end (React) app that sends REST requests to an API end point. I am aware that sensitive items such as API keys should not be stored in front end frameworks (like React, for example),
BUT…
Right now, I am j… Continue reading API key safety in front end app running in localhost
I’m developing application with react and all the main logic is on the client side. I want to force users to use the application only if they paid for the app subscription.
Are there any methods to prevent(or harden the ability to remove c… Continue reading Securing client side code of react application [duplicate]
I’m finding it really hard to find a solution to make secure requests via our API without a potential hacker being able to see sensitive secret information via Google Chrome dev tools (or any browser’s dev tools), as React tends to show ev… Continue reading How do I protect a Laravel backend API from hijacking/CSRF when there is a React frontend?
I’m currently doing a pentest for a client and I’ve come across something new to me. When I log in, I view the username/password values in burpsuite and find they are encrypted using Cryptojs. I’m looking at the debugger in the browser and… Continue reading Can I read environment process variables of a react client in a browser?
Hasura, a service that provides developers with an open-source engine that provides them a GraphQL API to access their databases, today announced that it has raised a $25 million Series B round led by Lightspeed Venture Partners. Previous investors Vertex Ventures US, Nexus Venture Partners, Strive VC and SAP.iO Fund also participated in this round. […] Continue reading Hasura raises $25 million Series B and adds MySQL support to its GraphQL service
I am working on a security testing project, where I have noticed that the form action of a login page takes whatever is fed to URI as a parameter, the respective part of the login page is as follows:
<form action=”/admin/login/?param=W… Continue reading Ways to exploit a form action value when it s reflected from URI on React-Django
After months of testing, Facebook makes its new redesign default for all Facebook.com users. The new redesign brings massive performance improvements, as well as a dark mode.
The post Facebook’s New Redesign Goes Live for Everyone appeared first… Continue reading Facebook’s New Redesign Goes Live for Everyone