Collaborate Disseminate
Log in time outs can be a pain we all know. However maintaining "logged in" status whereby even if I refresh a previously open tab the next day (I hibernate my laptop each night so Chrome does not get shut down) I have full acces… Continue reading My logged in status is being maintained 36 hours after initial login on an online account
I am a complete beginner and have almost no knowledge of encryption.
I have a file transfer website that encrypt the files before saving them in the server then it decrypts the files to be ready to download. The problem is the encryption k… Continue reading How can I encrypt files in a file transfer website? [closed]
Let’s say a website contains the following <script> tag and does not have a CSP blocking any execution here.
<script type="text/javascript">
document.write(location.href)
</script>
At first glance, this code … Continue reading XSS in document.write(location.href)
I need to use Nuclei to create some templates for a site. But to locate the bug, I have to use some information that site returns after the first request. Is it possible to take it from the response and use it in the next request?
Continue reading How to use parameters from response in new request in Nuclei?
I need to use Nuclei to create some templates for a site. But to locate the bug, I have to use some information that the site returns after the first request. Is it possible to take it from the response and use it in the next request?
… Continue reading How to use parameters from response in new request in Nuclei?
I want to know whether a solution I’m considering for a web app is particularly secure / in line with best practices etc.
Scenario – a web application, it’s a stock management app for small retailers. There is an element of sales/customer … Continue reading Query on best practice – using 2FA to self-authorise IP addresses in an allow-list
Let’s say we are the webmaster of example.com, what can we do so our visitior’s ISP know less about the site when the visitors connect to any paths the domain of example.com, like example.com/don-want-the-isp-know/? example.com/ok-to-sha… Continue reading What can a webmaster do to share as little information as possible to the ISP of its visitors? [closed]
I’m making a web application on the MERN stack which stores sensitive user data, in the form of a big block of text.
The encryption method I am using is that when a user registers, a random key is generated (generated key), and using anoth… Continue reading Where or how to persist a decryption key in a React app?
Assuming a SOC in a Big Cap company which has >3000 web applications. Web App scans are performed at the moment, but they scratch the surface as scans are unauthenticated.
As
there is no way SSO will be put on all of these apps (utopic… Continue reading Authenticated application scans across thousands of webapps with different credentials
Is there a best practice IP address that is safe to use as a placeholder in a live public system on the Internet?
e.g. In a similar capacity, the domain name example.com is reserved and can be safely used without risk of this becoming som… Continue reading Which IP address would be most safe and suitable to use as a placeholder in a live system?