Collaborate Disseminate
I’ve been working long time on a web application, consisting of a large amount of data and many services and also communicating with external services.
Now that I’m very happy with the functionality and reliability, before moving from an … Continue reading Planing the security for a public web application, any feedback?
Today I found out that the URL of Instagram private accounts’ images and the URL of files I sent to my cousin in Discord are accessable even if I am not logged in or even on my phone using a VPN. For example the following link is an image … Continue reading How do applications like Instagram and Discord secure users’ resources? [duplicate]
So i’ve been trying to learn cache poisoning for a while and today i thought i finally found a vulnerable instance. Everything seems to be working even tho it doesn’t. Like, 416 response is cached, age is 64. But when i visit it on the bro… Continue reading Is this web cache poisoning attempt correct?
I was watching this video https://www.youtube.com/watch?v=Qm7k1CPFkIc about how to steal passwords and the guy mentioned that you can use shodan.io (a site that lists various devices connected to the internet) to find a database you can ea… Continue reading Do web-hosting sites like Heroku or Railway expose your database?
I have a cloud-hosted server that I can Remote Desktop into. I have a web application that is hosted on this server via IIS. I also have a backend server on this same server that runs to get backend data to the web application. The data is… Continue reading Implications of accessing a web app via a VPN
We use Stripe to collect payments and deposits on our cottage rental website, and in the last 3 days, an unknown user attempted to make $US 1.00 hundreds of time within < 48 hours. I don’t understand what is the goal behind these one d… Continue reading Why would someone attempt hundreds of $1.00 payments using our Stripe integration on our website? [closed]
Burp Suite detected a reflected XXS, if I use the Repeater and send the request the payload shows up in the response unfiltered, but if I visit the url it gets filtered, is there a way to bypass it or make it work? Thank you (if I show the… Continue reading Reflected XSS detected by Burp Suite not working
Let’s say I have 2 SPAs (single page applications), SPA A and SPA B.
I want to share data between the 2 applications for an end-to-end flow.
How can I safely share data such that it would not be susceptible to a MITM attack. Even if the da… Continue reading How to safely share data between 2 SPAs?
For a web app that will get heavily attacked, I figure one very useful tool will be audit tracking of what occurred for both getting a better picture of attacks and , if the worst happens, learning exactly what went down to both mitigate t… Continue reading Audit tracking for web users [closed]
I am currently creating an app to help with retail management. As you may be able to imagine, user authentication is of great importance as the app will store all kinds of sensitive information such as financial records, inventory status, … Continue reading A Hybrid Authentication method. (JWT, MFA, Cookies, Sessions) [closed]