Questions tagged [websites]
Applications or informational pages, distributed via HTTP or HTTPS, using a web server. Pages are typically interconnected by hyperlinks and may contain forms or even entire applications.
278 questions
0 votes
0 answers
24 views
Is using a remember_token as a primary authentication token considered a critical security vulnerability? [duplicate]
I'm working on a web application and came across a scenario where a remember_token cookie is used by itself to authenticate a user on subsequent visits, completely bypassing the need for a password or ...
1 vote
1 answer
190 views
Risk of publishing an IBAN on a public website [closed]
What are the risks of publishing a company's IBAN account number on a public website, as long as the security measures for website maintenance have been taken by the IT supplier that hosts this ...
0 votes
1 answer
444 views
Do many experts argue that apps are generally more secure than websites? [closed]
The Guardian says: Many tech experts also argue that apps are generally more secure than websites and allow banks and others to carry out sophisticated ID verification using face, voice and ...
3 votes
1 answer
407 views
HTTP-fallback and site settings in Chrome?
I am testing a deep packet inspection based application to block certain undesirable websites in a corporate network, e.g. gambling - williamhill.es. We do this by matching ServerName (HTTPS) or Host (...
0 votes
1 answer
12k views
Is youareanidiot.cc safe? [closed]
I was quite an imbecile for opening this website. It seemed to be some kind of prank, and it was "you are an idiot" song playing. However, after looking it up on Reddit, some users said it ...
3 votes
3 answers
2k views
Of the cookies created by OTHER websites, which ones would the browser allow a website to access?
I know that sites can share some information between each other by sharing cookies amongst themselves. They have to be in some kind of agreement with each other I assume? Or can any random site read ...
0 votes
1 answer
69 views
Is there any reasonable security reason for an administrator to prevent modification of locally loaded websites?
As most people know, it is very easy to modify a webpage’s local cached content (HTML, JS) through Inspect Element or various other means. This could probably be stopped through something like ...
2 votes
0 answers
56 views
What could this partially nonsense URL request to my site be? [duplicate]
Url requested: https://site.azurewebsites.net/fky_7143_tczf_ohced.aspx?group=CON&branch=A&[email protected]&page=stocks/Bep_EQ32_agepbb_abfgjc_ctkdcem.aspx?veBjt=09983&...
2 votes
2 answers
203 views
GPG Impersonation
I was watching Sun Knudsen's videos and in one of them, he talks about GPG. Specifically, he said that he has 3 locations where he provides fingerprints of his signatures. YouTube, Github and his ...
4 votes
1 answer
318 views
Site preventing Page-closing, CTRL+W, Window Button, etc
I was happily learning ReactJS when I accidentally clicked the URL for www.someurl.com. After all the redirects, the final page prevented me from leaving using CTRL+W, Windows key, Escape, Opening the ...
0 votes
1 answer
855 views
Is polyfill.io still an immediate threat?
Polyfill.io is malicious: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6 https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-...
1 vote
1 answer
53 views
LAN and external website [closed]
Consider a situation such as: private LAN <-> firewall A <-> DMZ <-> firewall B <-> internet (https://forum.huawei.com/enterprise/en/dmz-and-reverse-proxy/thread/...
-1 votes
1 answer
148 views
If a vulnerability is discovered on a website, is it better to contact the business owner or site designer/owner? [closed]
There are plenty of questions on this site about how to report a vulnerability (such as SQLi or XSS,) but none of them really answer my question of who to. I understand for a big corporation (although ...
0 votes
1 answer
174 views
I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover
I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover. Thus I can increase the impact and get more bounty than what they ...
2 votes
1 answer
873 views
Why would website block password manager auto-fill?
I use a password manager and have a browser plugin installed for it to simplify entering passwords into websites. I recently encountered a website (enterprise SaaS solution I use at work), which ...