Collaborate Disseminate
Since a few months, many organisations have urls in incoming mail rewritten to be redirected through a checking service (Outlook Safelinks, Proofoint, FireEye, Black Spider/Forcepoint). Because this makes links in text emails almost unread… Continue reading How to unencode email urls rewritten by Black Spider
I got a Facebook message from a friend, with a link to a supposed YouTube video, but instead it was pointing to plum1998318 dot brizy dot site.
Then I notices that someone posted on this friend’s Facebook wall that he got a message, click… Continue reading Is "brizy dot site" a known malicious website?
We are considering to add the following feature to our web application (an online product database, if it matters):
Instead of uploading an image, the user can provide the (self-hosted) URL of an image. We store the URL instead of the im… Continue reading Security risks of fetching user-supplied URLs
We have a client complaining that there is PII in the browser history (as in the persistent history you get to through your browser’s menu – Ctrl + H in Chrome). For example, the URL for editing a user is something like: https://www.mysite… Continue reading Username in browser history (url) – is this a security problem?
One of my company’s clients recently produced an application security assessment report, noting a list of violations based on OWASP’s top 10 list of web application security risks. One of the violations, based on OWASP’s #3 risk, is that s… Continue reading URL Contains Sensitive Data – Alternative Besides Switching To Post?
Say there is a bank/financial service that wants to have hyperlinks on their secure website/domain (or even in emails they send out to customers). In some of these links there are some long/obscure URLs which link to one of their subdomain… Continue reading Should a bank/financial service use external URL shortener services?
The Grandoreiro banking malware uses remote overlay and a fake Chrome browser plugin to steal from banking customers. Continue reading Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain
I understand when they put a + at the end, URL treats it like a space.
I want to know what — – does. I do know what the “double dash” does. Including the double dash with a “space at the end”. I specifically want to know what a dash-dash… Continue reading In SQL injections why do they put "– -" at the end of the URL?
Is it possible to make my cpanel host a redirect ?,
I received a message from Microsoft that my hosting is used my redirect and I discovered my email has been hacked today.
I am learning about web security, but I’m very confused about URL Encoding.
On PortSwigger, I learned that the URL http://127.0.0.1/admin
can be written as http://127.0.0.1/%2561dmin
by encoding a as %61 and then encoding % again, thus ma… Continue reading How does URL Encoding work?