Information Security
Ivan Zhuravlev, 2013-01-23 04:08:00

Will Habr be interested in post(s) about web vulnerabilities?

Greetings! What if you write not about new attack vectors, as they usually do, but about real cases of various vulnerabilities in different companies, including large ones, sometimes even with a little information about how everything is arranged inside them?
The goal is to draw attention to common errors and the situations in which they appear.
In general, recommendations and advice for developers, but not in the style of "what is an injection and how can it be filtered", rather in the style of "one of the most popular vulnerabilities on websites is the password recovery form" or, for example, how financial losses are caused by a simple SMS notification, described with examples. The programming language and the database will differ between the examples; there are many examples.

7 answer(s)
rainwall, 2013-01-23
@InteractiveTechnology

As a web developer, it's always interesting for me to read about vulnerabilities so that I don't make such mistakes myself.

Artur Smirnov, 2013-01-23
@wisd

habrahabr.ru/qa/32857/

betal, 2013-01-23
@betal

A touchy subject: never write about 0day vulnerabilities until the developer fixes them, or about vulnerabilities that can lead to total hacks and thereby bring losses to many. Otherwise, this topic is certainly interesting.

la0, 2013-01-23
@la0

A UFO will come and strongly recommend that you wipe the whole damn thing.
That's what happened to me; after I removed the details, I was simply downvoted.

OnYourLips, 2013-01-23
@OnYourLips

"If you write not about new attack vectors, as they usually do, but about real cases"
It would be interesting to read about new and atypical errors.
It is absolutely not interesting to read about another SQL injection or a missed permission check, which is usually written about.

Sergey Petrikov, 2013-01-23
@RicoX

Although I am not a developer, I have to do pen-testing of servers, so it will be very interesting; I fully support it. As already said above, just not SQL injection and XSS.

Sergey, 2013-01-23
@bondbig

Yes
