-
Reported vulnerabilities:
- [x] CSRF (~https://github.com/weaveworks/service/issues/2~ #1072)
- [x] Click Jacking (https://github.com/weaveworks/service/issues/1062)
- [x] Open Redirect (https://g…
-
I thought the current site might need an overhauled look, since it feels a bit old and packed to me. So I've decided to start designing a new one that's a lot lighter. Before continuing with those oth…
-
Cross-site scripting and clickjacking are major concerns. Many issues can be resolved by setting some headers in the HTTP responses for the user interface and REST responses for both the master and s…
-
There is a need for a new step when a run is almost finished:
- runner should be asked: 'Access?' with answers 'Yes' or 'Jackout'
- when 'Yes' corp got window for rezzing DRT or Crisium Grid and confirms s…
prozz updated
7 years ago
-
While https://github.com/mozilla-services/screenshots/issues/3061 covers it being unclear when screenshots are publicly uploaded vs. "saved" to the local computer, I have security and privacy concerns…
-
I am new to ansible and aws, I have an ansible tower server which was recently updated from 3.0.1 to 3.1.4, installed on a single node with a postgres DB. I am able to access the tower locally. But when…
-
We should add useful HTTP security headers to improve protection against clickjacking and XSS attacks.
Specific HTTP headers and policies we should consider are:
- **Strict-Transport-Security** (…
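Both of the header proposals above (the master/REST one and this list) amount to the same change: emit a fixed set of response headers and verify they are actually present. The following is an added example, not code from any of the projects these issues belong to; the specific policy values (HSTS lifetime, `frame-ancestors 'none'`, `DENY`) and the 180-day threshold in the audit are assumptions chosen as reasonable defaults, and the WSGI middleware and demo app are hypothetical.

```python
"""Added example: a baseline of HTTP security headers, an audit that flags
missing or weak values, and WSGI middleware that applies them. The header
names follow the issues above; the policy values are assumptions."""

# Values are assumptions: tighten or relax CSP per application.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",                      # legacy clickjacking guard
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}

MIN_HSTS_MAX_AGE = 15552000  # 180 days; assumed threshold for the audit


def _hsts_max_age(value):
    """Parse the max-age directive out of an HSTS header; None if absent."""
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.strip().isdigit():
            return int(num)
    return None


def audit_headers(headers):
    """Return a list of findings for a response's headers (case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in SECURITY_HEADERS:
        if name.lower() not in h:
            findings.append("missing " + name)
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        age = _hsts_max_age(hsts)
        if age is None or age < MIN_HSTS_MAX_AGE:
            findings.append("weak Strict-Transport-Security max-age")
    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("weak X-Frame-Options: " + xfo)
    csp = h.get("content-security-policy")
    if csp is not None and "frame-ancestors" not in csp:
        findings.append("Content-Security-Policy lacks frame-ancestors")
    return findings


def add_security_headers(app):
    """WSGI middleware: append SECURITY_HEADERS to every response, without
    overriding a header the application already set itself."""
    def wrapped(environ, start_response):
        def sr(status, response_headers, exc_info=None):
            present = {k.lower() for k, _ in response_headers}
            extra = [(k, v) for k, v in SECURITY_HEADERS.items()
                     if k.lower() not in present]
            return start_response(status, list(response_headers) + extra, exc_info)
        return app(environ, sr)
    return wrapped


def demo_app(environ, start_response):
    """Hypothetical application that sets no security headers of its own."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<h1>hello</h1>"]


def run_demo():
    """Invoke the wrapped demo app with a constructed WSGI environ and return
    (status, headers-as-dict, body) so the result can be inspected."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    app = add_security_headers(demo_app)
    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    status, headers, _ = run_demo()
    print(status, headers)
    print("findings:", audit_headers(headers) or "none")
    print("findings for bare response:", audit_headers({"Content-Type": "text/html"}))
```

The audit is the part worth keeping around: run it against real responses from both the UI and the REST endpoints, since it is common for a header to be added to HTML responses only and forgotten on the API path.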
-
Cross-site request forgery is a problem that all sites face. I think Vapor should implement a CSRF strategy for devs to use.
Here's a good guide to get started: https://www.owasp.org/index.php/Cross-…
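As an added illustration of the synchronizer-token strategy the OWASP guide describes, here is a session-bound CSRF token in Python. It is not Vapor's code and not an implementation from that project; the key-derivation layout (nonce plus HMAC over session id and nonce), the function names and the safe-method list are this example's own assumptions. Binding the token to the session id with an HMAC means nothing has to be stored server-side, but it only holds if the session id itself is unguessable and the token is delivered in the page (form field or response header), never in a cookie, otherwise the check degenerates to whatever the browser sends automatically.

```python
"""Added example: stateless synchronizer CSRF tokens bound to a session.
Token format (assumed): "<nonce-hex>.<hmac-sha256-hex>", where the MAC is
computed over "<session_id>:<nonce>" with a server-side secret."""

import hashlib
import hmac
import secrets

# Requests with these methods must be side-effect free, so they carry no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _mac(secret, session_id, nonce):
    msg = (session_id + ":" + nonce).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret, session_id):
    """Create a fresh token for this session; embed it in forms as a hidden
    field or expose it to scripts via a response header, not a cookie."""
    nonce = secrets.token_hex(16)
    return nonce + "." + _mac(secret, session_id, nonce)


def verify_token(secret, session_id, token):
    """Constant-time check that the token was issued for this session."""
    if not token or "." not in token:
        return False
    nonce, _, mac = token.partition(".")
    if not nonce or not mac:
        return False
    return hmac.compare_digest(_mac(secret, session_id, nonce), mac)


def csrf_check(secret, session_id, method, submitted_token):
    """Middleware-style decision: safe methods pass, state-changing
    requests must present a token bound to the current session."""
    if method.upper() in SAFE_METHODS:
        return True
    return verify_token(secret, session_id, submitted_token)


if __name__ == "__main__":
    # Constructed values for a stand-alone run.
    secret = secrets.token_bytes(32)
    sid = "session-abc123"
    tok = issue_token(secret, sid)
    print("token:", tok)
    print("POST with own token:", csrf_check(secret, sid, "POST", tok))
    print("POST with another session's token:",
          csrf_check(secret, "session-other", "POST", tok))
    print("POST without token:", csrf_check(secret, sid, "POST", None))
```

The second and third checks in the demo are the two cases a framework-level strategy has to get right: a token stolen or minted for a different session must fail, and a state-changing request with no token at all must fail rather than fall through.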
-
No-one can remember precisely why #747 needed to change the check for opacity. Current theories suggest that it was because of a need to test click-jacking (handled by the check for "click intercepted…