Bug Bounty POC: Reflected XSS in oppo.com

Popular posts from this blog

BugBounty: Pantallons POC(Broken authentication and session management)

10 questions to initialize the journey

1. Explain Data and Types?
Data can be defined as a systematic record of a particular quantity. In other words, data may be defined as a character or a group of characters.
- Depending upon the type of character, data has been divided into the following types: 1) Alphabetic data 2) Numeric data 3) Alphanumeric data

2. What is information and information security?
- Structured data that is meaningful for a particular person or organization is called information.
- Simply put, processed data is called information.
- An information system is associated with input, process and output.
Information security: We must know that information is valuable for any organization, and it must be secured to maintain the value of that information. Security means information should be accessed only by authorized users and should not be lost or stolen ...

Top 10 Secure Coding Practices

Input Validation:
- Conduct all data validation on a trusted system (e.g., the server).
- Identify all data sources and classify them into trusted and untrusted. Validate all data from untrusted sources (e.g., databases, file streams, etc.).
- There should be a centralized input validation routine for the application.
- Validate all client-provided data before processing, including all parameters, URLs and HTTP header content (e.g., cookie names and values). Be sure to include automated post backs from JavaScript, Flash or other embedded code.
- Verify that header values in both requests and responses contain only ASCII characters.

Authentication and Password Management:
- Require authentication for all pages and resources, except those specifically intended to be public.
- If your application manages a credential store, it should ensure that only cryptographically strong one-way salted hashes of passwords are stored and that the table/file that stores the passwords and keys is write-able ...