Collaborate Disseminate
I wanted to know if it was a bad thing to have a _csrf token stored in a url. I saw that in a POST request that allows me to upload a file, the _csrf token was displayed in the url. Is it sensitive to store this token in a url. Is there a … Continue reading token _csrf in an url POST
Inadequate Security Policies with Uncategorized Sites
The challenge most email gateways face is how to protect against URL-based threats that exist within a “danger zone”— the period when phishing sites are allowed to sneak into the network as unc… Continue reading The URL “Danger Zone”
Today I saw rather a weird phenomeon, when submitting a request spontaneoulsy.
The URL I typed looked something like below:
https://example.com/en/trade/pro?layout= and when submitted it transformed into https://example.com/en/trade?layout… Continue reading Transformation of an object into parameter value on submission of request [closed]
I have a backend that I developed on PHP/MySql which will provide some URL endpoints in order to get data or post data. I am using those URL endpoints in my application (WebGL application). Now, the problem is, the URL endpoints are public… Continue reading How to secure my PHP url endpoints
I read about referrer header that some sites use to allow only requests made by the pages of the site. So if I make a page hacker.com, and let this page make a request to https://twitter.com/i/flow/add_phone , twitter will refuse this requ… Continue reading How some sites prevent cross-site requests through referrer although there are redirections allowed
Say I own a domain name www.example.com and I’d like to host some resources on it, but being reasonably hidden from the public.
Since a 256 bits has a sufficiently large entropy to prevent an exhaustive traversal, is it correct to consider… Continue reading Random URLs to hide assets [duplicate]
If one is creating pseudo-random base 62 url paths, and one didn’t want those paths to be reasonably vulnerable to brute force attack. How short could they be?
Reasoning
Now one could have expiring short urls and urls expecting to be re… Continue reading How short can a shortened base 62 url path be and be reasonably protected from a brute force attack?
By Ryan Victory, Corelight Security Researcher On June 8, Yunus Çadırcı, a cybersecurity senior manager at EY Turkey released a whitepaper and proof of concept code repository for a newly discovered vulnerability in the Universal Plug an… Continue reading Detecting the New CallStranger UPnP Vulnerability With Zeek
I’ve been looking into my college’s internal alumni network. In that we can send connections to users and when you send a connection request, you’re taken to a url which is: https://www.website.com/yourwall/sent-invite/username/?Sendcon=tr… Continue reading URL editing shows success message, but doesn’t carry out function
I would like to know if this code is secure to validate that a url is from my domain before loading it a webview in android :
if (!url.startsWith(“https://www.example.com/test/”)){
// don’t load the url
dontload = true;
}
It lo… Continue reading Is this url verification with startsWith secure?