Collaborate Disseminate
Gopher protocol is used a lot when exploiting SSRF, but how?
a Gopher URL takes the form:
gopher://<host>:<port>/<gopher-path>
but let’s take this example:
gopher://10.10.10.3:80/_POST%20/login%20HTTP/1.1%0aContent-Ty… Continue reading SSRF trough Gopher
We wan’t to prevent attacks comming in from src attribute "javascript:" but still allow lnline script tags.
Currently the only option is to add sha-hash’s but there are too many inline scripts to do this.
Unfortunately we can’t m… Continue reading CSP: Allow inline scripts while blocking javascript: in iframe src
where can I found an evaluation copy of Boardmaker3 pcb? please !
Before, I used the Boardmaker2 before so I would like to continue with the same category of software but the version 3 is untraceable on the net.
I believe this question is covered as the problem is straightforward. But, as I am building a web service from scratch, I’d like to have some advice on how to do it better.
Let’s say my web service gives some bonus tokens to any new user w… Continue reading How to detect if a user tries to access my web service using proxies/vpn?
I’m currently working on an international marketplace website and trying to decide the appropriate timeout lengths for access and refresh tokens.
We try to do the timeouts to be as strict as possible to make it more difficult for bad actor… Continue reading Best practices for access and refresh tokens timeout lengths [duplicate]
If you are using a scripting language like for example Python for the back-end of a web-service, is there a risk connected to this which is not present if you would use a compiled language?
Take for example this pseudo-code:
password = req… Continue reading Risk of using scripting language on backend?
I want to host some websites served from an isolated VM which is on my home network through port forwarding.
Although I believe this is reasonably safe, I want to physically segment internet-exposed VMs from my main home network. What is t… Continue reading How to isolate VMs with internet exposed websites on my home network?
I’m currently learning React to host a personal website (on an Ubuntu server) and am port forwarding it to allow access from the internet.
However, for security reasons, I’d like one or more pages to only be accessed on my LAN. If an exter… Continue reading Is it possible to disallow external IPs from accessing a page of a React site? [migrated]
I’m trying to figure out what else I should (not) do to reduce the possibility of my web app getting hacked. And like most development efforts, while it would be great to have a security expert on the team, we don’t have it.
My app is writ… Continue reading Will these actions better secure my web app
While testing a web application for rate limiting and IP blocking I noticed the following:
while using 4g through a GSM service provider, the server is blocking me after 300 requests
while using lte through a CDMA service provider, the se… Continue reading Web application rate limiting, IP blocking using different cellular networks