web-application

  1. Is it good or bad practice to allow a user to change their username?
  2. Is the OWASP recommendation regarding localstorage still valid?
  3. Important data can be modified from the developer console. What should I do?
  4. Dotdotpwn - Different text patterns
  5. Is BASIC-Auth secure if done over HTTPS?
  6. Finding websites protected by Web Application Firewalls
  7. My website is blacklisted by Kaspersky. Does that mean it's infected?
  8. Are there any good instant messaging applications with good end-to-end encryption to their web application?
  9. Why isn't ASP.NET source code compiled before it is published?
  10. How to detect anomalous activity in web server traffic?
  11. How can I edit an HTTP request in OWASP ZAP and send the edited request?
  12. DVWA setup on XAMPP: writable folder and writable file problem
  13. HTML login form without CSRF protection
  14. Do I need to restrict origin in an API app?
  15. CSRF attack on file upload functionality
  16. Is it more secure to close port 80 and leave port 443 open?
  17. A password substitute?
  18. How to proceed with IoT vulnerability assessment?
  19. AWS Tenant Restrictions
  20. Secure flag for ASPXAUTH Cookie in MVC
  21. What features should I look for in vulnerability testing services?
  22. Why does OWASP ASVS require HTTP responses to have a content header specifying a character set?
  23. What is the difference between local file inclusion (LFI) and remote file inclusion (RFI)?
  24. How should multiple system-generated, centrally managed passwords be distributed securely (if at all)?
  25. Equifax Data Breach 2017
  26. Web App Pentesting: When enumerating website directories and files, how to tell if HTTP 200 is a valid page or a failure page?
  27. Reports all pending, and debugging, in Tenable.io Web Application Scanning
  28. How to bypass mysql_real_escape_string to exploit a SQLi vulnerability?
  29. How to scan PHP code for vulnerable functions?
  30. What provides better safeguards against decryption/hacking: HTTPS or a well-made mobile app?
  31. Security of assets/media on S3
  32. Connecting Web Application Server to MySQL Server over the internet
  33. userWorkstations attribute in AD preventing users from logging into WebApp
  34. Reflected XSS script passed through URL: how to make it work and what are the preconditions for it to work?
  35. Better techniques than URL parameter encryption
  36. Is it secure to share an access token via the HTML5 messaging API between various iframes?
  37. What are the risks of using the same token for mobile auth and web auth?
  38. Remote OS command injection - tests
  39. Protection against Mirroring Proxy Server
  40. Definition of Idle Timeout
  41. Direct Access to Administration Pages: the web server or application server is configured in an insecure way
  42. Limiting database lookups by token metadata
  43. How to use Burp macros to pass parameters to Intruder
  44. Database Error Error: SQLSTATE[23000]: Integrity constraint violation. Is it vulnerable to SQLi?
  45. How to perform an attack that requires me to set a CSP on a site I do not control?
  46. bWAPP HTML injection on level high
  47. Trying to tunnel a reverse shell out of an internal network
  48. How to know if an ASP web page is vulnerable to SQL injection?
  49. How can I test that I have correctly disabled unnecessary HTTP methods?
  50. What’s wrong with in-browser cryptography in 2017?
  51. Do you know any crawler/spider software which is able to go through an ASP.NET site?
  52. What are the SQL injection issues of parameterized queries?
  53. Random pages getting created on classic ASP site
  54. I have a school laptop; can the school see my history if I use a VPN?
  55. Is an IP address blacklist good practice to prevent website attacks?
  56. PHP | Security for allowing user uploads
  57. What a programmer should know before their web service's client audit
  58. Security considerations for a web application without a login feature
  59. How can I find subdomains of a site?
  60. Efficient way for finding XSS vulnerabilities?
  61. Being anonymous on the Internet
  62. ZAP Proxy - script to modify headers automatically
  63. Best practices for storing and submitting browser fingerprints to secured endpoints
  64. Must I require authentication for resources with a hash key?
  65. Automated URL Discovery
  66. Unescaped data in div or p tags, but unable to exploit
  67. Is it possible to hash a password using a C program before storing it in the MySQL database?
  68. Will "Authorization: Bearer" in the request header fix CSRF attacks?
  69. Some bot keeps posting this to my server
  70. Can we drop XP from HTTPS support? If not, when?
  71. Security Sanity Check: Mail gateway management panel protection with HTTPS + SSL Client Certificate Authentication + User/Password Authentication
  72. What is untrusted data?
  73. Is ensuring that a random string in a cookie and a header are the same enough to protect against XSRF?
  74. php-reverse-shell in WordPress can't connect to netcat
  75. Is it possible to securely sign data in a web browser?
  76. Pentesting web applications with unique strings in URL
  77. How to make sure my web application is secured?
  78. Protecting from console attacks
  79. CSRF vulnerability in Oracle ADF web application
  80. Bypass login page with SQL injection
  81. CSRF with special characters in parameter name
  82. Is it safe to store uploaded images as blob data in a database?
  83. Detecting jQuery versions with automated tools
  84. Is it secure to use HttpSessionState.Session to store identifying information?
  85. Which server is responsible for “security” when ASP.NET Core Kestrel is hosted behind IIS?
  86. Downloading a file on my website, with and without a secret. Room for improvement?
  87. How to inject XSS using Response Splitting in the following scenario?
  88. How do we exchange public keys securely in a DV SSL connection?
  89. Secure big, old ecommerce website from XSS?
  90. Security of a sessionID stored in a div in the page source
  91. User can't navigate to a webpage through the UI due to permissions, but is able to navigate to the page by pasting the URL. How do I protect against this?
  92. Is it safe to set the "Access-Control-Allow-Origin" header's value to the "Origin" header's value, which is implicitly set by the browser?
  93. Adding Escaped HTML to DOM
  94. Why is PHP's $_REQUEST considered to be evil?
  95. Why should class names be whitelisted?
  96. Is this method of managing storageless session management secure?
  97. Bypass CAPTCHA form made with 100% JavaScript?
  98. Secure flag not set on cookies in .NET MVC application
  99. How to detect Selenium/WebDriver browsing on my site
  100. Do anti-XSS rules of a Web Application Firewall break business logic?