-
Regarding the htbridge.com section, there is the SSL test (https://www.htbridge.com/ssl/).
Would it be possible to add these two too? https://www.htbridge.com/radar/ and https://www.htbridge.com/websec…
p43b1 updated
7 years ago
-
Not specific to PushBackend but we should update https://github.com/mozilla-services/websec-check/blob/main/rust.md
P…
-
- Add more tamper scripts (e.g. ability to test for addslashes bypasses using big5 or GBK characters).
- Suggest tamper scripts in due course following fingerprint of technology, back-end DBMS, etc.
…
-
### A note for the community
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to he…
-
It is more robust than referrer checking and a nice addition to tokens.
http://seclab.stanford.edu/websec/csrf/csrf.pdf (proposed here)
https://wiki.mozilla.org/Security/Origin
-
...or at least try to.
https://github.com/mozilla/playdoh
That should help get through the Mozilla WebSec review process.
I want to update playdoh to django 1.4, so it probably makes sense to hold…
-
Some sources with good PHP security tips, cmfive will need to be checked over with these as security is paramount with a business orientated webapp:
http://en.wikibooks.org/wiki/Web_Application_Secur…
-
The Protocol website has a pretty minimal setup, and since it's served from a *.mozilla.org domain we should follow best practices and tighten up the security.
Currently an F on Observatory, we sho…
-
Instead of having an issue I want to give you some new ideas.
As you probably know there are many ways of file inclusion. Though not everyone
knows some neat tricks if %00 isn't working. A few of t…
-
I just sent this via email to contact@effective-altruism.com before I noticed the GitHub project. Not technically an issue with the code, but still an important security bug with the site.
please i…