
Questions tagged [web-application-security]

The tag has no usage guidance.

web-application-security
0 votes
0 answers
31 views

Enabling SPNEGO security in Angular

How can we enable SPNEGO security in Angular 7 so that the application will be secured? I have WebSphere version 8.5. I want to enable SPNEGO in the Angular application so that it will be secured and ...
Dnyaneshwari's user avatar
0 votes
0 answers
48 views

Hacker caused my website to display ERR_CONNECTION_REFUSED

The hacker has done something that I have not been able to resolve. My website got taken down, and all I get now is an error in my browser that says, "ERR_CONNECTION_REFUSED". Stuff I have ...
PioneerMan's user avatar
0 votes
1 answer
103 views

Preventing XSS attacks on Spring applications

I have tried to prevent XSS attacks in my application by sanitizing the requests containing special characters and following OWASP guidelines. But as per the Business requirements, they require all ...
Himanshu Jain's user avatar
0 votes
1 answer
195 views

How should signup form error responses be displayed

I have a subscription-based application that is built using MERN. I've recently submitted the application to be security tested and one of the responses that I received was that the application should ...
willmahoney's user avatar
0 votes
1 answer
45 views

malicious attack identification using web application logs

If logs are given in a specified format and you are supposed to investigate them to identify malicious activity, where can one start as a beginner? Is there any software which can identify ...
Ali Virgo's user avatar
0 votes
1 answer
149 views

Asp.net web.config syntax issue

I am working on an asp.net application to remove security vulnerabilities. The vulnerabilities which I want to discuss are 'X-XSS Protection' and 'clickjacking'. I went through searching and followed ...
Amit Kaushal's user avatar
4 votes
1 answer
2k views

DOM Clobbering and how it works

I have some questions to the topic of DOM Clobbering: Portswigger explains it with: <script> window.onload = function(){ let someObject = window.someObject || {}; let script = document....
secf00tprint's user avatar
0 votes
1 answer
146 views

How to configure jboss EAP 6.4 differently for different applications running on it?

I have 4 applications running on my jboss server, and I want to disable the "X-PoweredBy" response header for a particular application. If I run the shell script and try to change it, it will be ...
suryaprasadr's user avatar
1 vote
1 answer
219 views

Netsparker Detected Weak Ciphers Enabled. Is This Possible Although There Is No SSL Encryption?

I've scanned a web application with Netsparker. Although there is no https support on the site, Netsparker detected that weak ciphers are enabled. I know Netsparker says the scanner is false positive ...
aozkanee's user avatar
0 votes
1 answer
376 views

Abusing Host Header Injection to access customized Apache Traffic Server Protocol

I came across an HTTP HELP method (https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface chapter "Invalid Host") and asked myself: Are there any more ...
secf00tprint's user avatar
0 votes
0 answers
25 views

Enterprise Validation check login true or false and retrieve user information?

I am building a web app that is going to run on an intranet. I would like to query the client's system to determine if they are logged in with their Enterprise credentials. Also, if possible read the ...
TrannyCyborg's user avatar
2 votes
1 answer
1k views

duplicate key error index in mongodb mongoose

I am building a website in which logging in with Google and typing email and password were working fine, but when I introduced logging in with Facebook, MongoDB is giving the following error - MongoError: ...
naman mathur's user avatar
1 vote
2 answers
5k views

Self XSS vs Reflected XSS

What is the difference between self XSS and reflected XSS? If I find an XSS vulnerability, how do I know whether it is self XSS or reflected XSS? I have tried reading a lot of articles on Google but ...
Bhuvesh Gupta's user avatar
2 votes
0 answers
3k views

Securely checking the origin of a message posted from another window

My client-side code is receiving a message from another window (an iframe) -- something like this (let's call this page1, or https://my.site/page1): window.addEventListener("message", function(event)...
user56828cc2's user avatar
0 votes
2 answers
204 views

Removing /protecting the id in the url from tampering

I'm working on solving some application vulnerabilities. I have an edit page with a url http://localhost:12997/Manning_HQ/Edit/1274. The problem was users were able to change the id and be able to ...
2766's user avatar