Collaborate Disseminate
I have to keep a journal of all transactions that are performed in my application. Think of an invoice journal.
What options do I have?
E.g. an option in syslogd, or a table configuration in MySQL would be great.
My goal i… Continue reading Manipulation-save logging
Whenever I need to generate a token (email account confirmation, password reset, remember me cookie, view email in browser etc) I generate a string of random bytes (typically 32 using the Fortuna PRNG) and use PBKDF2 to creat… Continue reading Safe to switch from PBKDF2 to SHA-1 for token verification?
I have web application. I am intercepting the server response in Burp and inserting malicious script into the data field and that is executed on the browser.
Can we say it is a successful MITM attack?
Continue reading MITM attack for xss vulnerability [on hold]
I want to to validate manually SQL and XSS injection for a website after finishing the scan and downloading report.Could you please assist me step by step procedures for the manual validation.
Continue reading How to validate SQL and XSS injection for a website,i need step by step procedure
Penetration testers found out that we allow single quotes in submitted data fields, and want us to apply rules (input validation) to not allow them in any value.
While I’m aware that single quotes are popular for SQL injecti… Continue reading Is single quote filtering nonsense?
I’m looking for someone like NSSLabs, Synack, Tevora, but obviously not these companies.
Continue reading What are some accredited security product testing and validation firms? [on hold]
One of the key security mechanisms for application software is input validation, which can protect the integrity of the system and thwart common injection and denial of service attacks.
Most of the internet can agree that pr… Continue reading What to take into account when validating file upload
Here is a javascript script form (saved as a html by adding . I replace alot of the numbers with “#.”
I’m trying to find someone to tell me how I would go about getting access by cracking the password. I just want to know th… Continue reading Crack Javascript Form Password Protected Form [on hold]
Is the following redirect mechanism exploitable? Meaning redirecting to another domain.
This: https://www.example.com/?return=/info.php
Redirects to: https://www.example.com/info.php
This: https://www.ex… Continue reading Unvalidated open redirect in path of URL
I’m writing a web application which will be able to send signed and encrypted emails to someone else outside my trust boundary. It will also retrieve S/MIME encrypted (and maybe also signed) emails from different accounts.