Collaborate Disseminate
I’ve got two byte sequences, and I decode them as UTF-8 (in strict mode to be sure they’re valid UTF-8).
Is it correct to assume that, if the bytes are different, the decoded codepoints will also be different?
In other word… Continue reading Is UTF-8 malleable?
I am sending an HTTP request via POST to an API. I’m sending the request via Javascript, so I can’t use an API key to validate the request. I also host the site on Weebly, so the IP address of the requester isn’t unique, so I… Continue reading How can I validate an API HTTP request from JavaScript without using an API key?
I have to keep a journal of all transactions that are performed in my application. Think of an invoice journal.
What options do I have?
E.g. an option in syslogd, or a table configuration in MySQL would be great.
My goal i… Continue reading Manipulation-save logging
Whenever I need to generate a token (email account confirmation, password reset, remember me cookie, view email in browser etc) I generate a string of random bytes (typically 32 using the Fortuna PRNG) and use PBKDF2 to creat… Continue reading Safe to switch from PBKDF2 to SHA-1 for token verification?
I have web application. I am intercepting the server response in Burp and inserting malicious script into the data field and that is executed on the browser.
Can we say it is a successful MITM attack?
Continue reading MITM attack for xss vulnerability [on hold]
I want to to validate manually SQL and XSS injection for a website after finishing the scan and downloading report.Could you please assist me step by step procedures for the manual validation.
Continue reading How to validate SQL and XSS injection for a website,i need step by step procedure
Penetration testers found out that we allow single quotes in submitted data fields, and want us to apply rules (input validation) to not allow them in any value.
While I’m aware that single quotes are popular for SQL injecti… Continue reading Is single quote filtering nonsense?
I’m looking for someone like NSSLabs, Synack, Tevora, but obviously not these companies.
Continue reading What are some accredited security product testing and validation firms? [on hold]
One of the key security mechanisms for application software is input validation, which can protect the integrity of the system and thwart common injection and denial of service attacks.
Most of the internet can agree that pr… Continue reading What to take into account when validating file upload
Here is a javascript script form (saved as a html by adding . I replace alot of the numbers with “#.”
I’m trying to find someone to tell me how I would go about getting access by cracking the password. I just want to know th… Continue reading Crack Javascript Form Password Protected Form [on hold]