31-days-of-API-Security-Tips

Bharat Dwarkani shared on Feb 05, 2020
github.com

Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty

Bharat Dwarkani shared on Feb 05, 2020
medium.com

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

Bharat Dwarkani shared on Jan 29, 2020
owasp.org

innerHTML is a JavaScript property used for DOM manipulation. More specifically, it "sets or returns the HTML content (the inner HTML) of an element." Ordinarily, this property is used to examine the current HTML source of the page, including any changes that have been made since the page was initially loaded. But it can also be abused for Cross-site Scripting (XSS) when untrusted input is assigned to it.

Bharat Dwarkani shared on Jan 26, 2020
dev.to

A JavaScript Polyglot is a Cross Site Scripting (XSS) vector that is executable within various injection contexts in its raw form, or a piece of code that can be executed in multiple contexts in the application. So, a JavaScript polyglot can be multiple things at once, like a JavaScript/JPEG

Bharat Dwarkani shared on Jan 26, 2020
dev.to

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

Bharat Dwarkani shared on Jan 26, 2020
dev.to

How to secure your cookies in ASP.NET and MVC, using Secure and HttpOnly attributes. Also learn about Cross-site tracing and Cross-site request forgery.

Thomas Ardal shared on Dec 19, 2019
blog.elmah.io

Nowadays, people are worried about using the internet because of website security. Internet theft is increasing day by day, and in recent years users have increasingly been misled online. So it is the developer's responsibility to build for the internet well, and we don't want to leave a way for malicious activities to take place in the applications we own or undertake.

Puthiya shared on Nov 20, 2019
rsagames.com

Over the last few months, some implementations of JSON Web Tokens (JWTs) have ultimately led to compromise of the web application. Some scenarios include stealing admin tokens through XSS (detailed in this blog) and forging claims during account registration to create standard accounts with admin privileges.

Bharat Dwarkani shared on Sep 15, 2019
medium.com

This article should help you in choosing the right security for your browser-based Javascript or Typescript applications.

Bharat Dwarkani shared on Aug 23, 2019
damienbod.com