Collaborate Disseminate
By Deeba Ahmed
The web hosting giant GoDaddy has been rattled by an almost two-year-long data breach that went undetected from 2020 to 2022.
This is a post from HackRead.com Read the original post: Hackers Stole GoDaddy Source Code in a Multi-Year Data… Continue reading Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach
I recently came across a php file on a compromised website that had what appeared (in Sublime Text) to be a huge white-space gap. When I run a diff against the original source file I can clearly see the malicious code which is snagging lo… Continue reading Malicious code somehow hidden with whitespace?
By Waqas
The threat actor has dumped a whopping 44.7 GB worth of Yandex data, including its source code repository, on a popular hacker forum.
This is a post from HackRead.com Read the original post: Yandex Source Code Online Leaked, Company Denies Hack
Continue reading Yandex Source Code Online Leaked, Company Denies Hack
There i a website where i send a post request to login to website
Host: example.com
Content-Length:205
..Some other headers
..
__RequestVerificationToken=something&Login.UserName=example&Login.Password=example&X-Requested-With=… Continue reading How to bypass this code to get login to website or to get the unauthenticated URL?
By Deeba Ahmed
Okta has, however, confirmed that attackers couldn’t access its customer data or services. Authentication giant Okta has suffered…
This is a post from HackRead.com Read the original post: GitHub Attack Allowed Attackers to St… Continue reading GitHub Attack Allowed Attackers to Steal Okta’s Source Code
If I am shipping a program to my customers which is compiled with GCC, but I want to test the security of the program using Clang, is this generally okay, or will I miss certain security bugs because I am not testing the exact same output/… Continue reading Is switching my C/C++ compiler for security testing generally reliable?
As far as I know, it is bad to check-in something like a password in a version control system. However, I saw in a project that a private_key.pem file with —–BEGIN RSA PRIVATE KEY—– … content is checked in. For me this smells like … Continue reading Is it safe to check-in a RSA private key?
What are the risks of viewing the source code of malicious pages on Google Chrome?
I want to go directly to view-source:https://example-site.com to visit the sites without rendering anything malicious / executing any scripts.
I am aware th… Continue reading Is Chrome’s view-source dangerous when visiting malicious sites?
As I understand, code obfuscation is used to make reverse engineering difficult/hard for the adversaries/red team.
Now if I use a source code obfuscator where a .C/.CPP file is used as input and an obfuscated .C/.CPP file is generated, sho… Continue reading Code obfuscation and source code repositories
I am interested if it could be possible to validate source code integrity for web apps somehow.
For example:
Developer builds app and sign source code with his private key. Both signature and public key is included in web app.
User fetch… Continue reading Validating web app source code integrity