New posts in Web Application

Where should I store a username during a password reset?

Should I return an HSTS header for 404 error pages?

Security risks of fetching user-supplied URLs

If a server only opens port 22 and 80, do we only have those two ways to hack it?

Do fake wp-login pages help prevent webapp attacks?

Is it safe to send sensitive data in the post body to an azure function?

Is a public /admin route a security flaw?

Is it a security vulnerability to tell a user what input characters are valid/invalid?

Is PGP for user authentication a good idea?

How to deal with a company that doesn't fix (potential) security vulnerabilities in their web app?