-
```
2017-08-18 02:05:14 +0000 --------------------------------------------------------------------------------
ENV:
---
CPLUS_INCLUDE_PATH: "/usr/local/arachni-1.5.1-0.5.12/bin/../system/usr/inclu…
-
I'm guessing that the reason we're forbidding the `cookie` header from being set for cross-origin requests is to prevent session-pinning attacks.
However, is there a reason we're forbidding setting th…
-
real world scenario, when changing session identifiers (good practice upon login, to prevent session fixation), Set-Cookie headers should be obeyed.
-
Thanks for submitting your pre-work, but your current submission is incomplete. Your app does not complete all the required stories outlined as part of the prework.
Please review the [prework subm…
-
### Environment
I have configured [libModSecurity (aka v3)](https://github.com/SpiderLabs/ModSecurity/tree/v3/master) and [nginx connector](https://github.com/SpiderLabs/ModSecurity-nginx) on [CentO…
-
I'm not sure if it's possible to properly evaluate the "mouse-click" functionality in OptiKey using an attached mouse, or if the results will only be realistic if an eye-tracker is attached.
I've …
-
CSRF Enabled
When the user posts data from an unprotected to a protected resource, the protected resource redirects the user to the login page for authentication. After authentication when it redirects bac…
-
Overview of tested lessons:
| Category | Lessons | Required to Release | Works | #Issue |
| --- | --- | --- | --- | --- |
| Access Control Flaws | Bypass a Path Based Access Control Scheme | no | yes…
-
I was running a scan against Damn Vulnerable Web App. The scan is continuing but I noticed it threw an error.
```
2017-03-30 05:50:13 +0100 --------------------------------------------------------…
-
[Fred Allard](https://jira.spring.io/secure/ViewProfile.jspa?name=psychobaatezu) (Migrated from [SEC-2200](https://jira.spring.io/browse/SEC-2200?redirect=false)) said:
If a user is authenticated in …