A checklist to protect web applications against the most common attacks

A smartphone resting on a yellow background. On the smartphone screen is a white lock icon on a blue background.
Image from Unsplash

When a new web application is deployed, it is usually submitted to security checks. But there is also a rush to get to market, so it is not uncommon to deploy the first release of an application with weak security.

Every three to four years, OWASP publishes a list of the top 10 web-application security risks. This list reflects the most common errors in the implementation of web services.

CVE-2020-35717: RCE through XSS in zonote Electron App

For those unfamiliar with the term, CVE stands for Common Vulnerabilities and Exposures. Each CVE record contains a standard identifier, a brief description, and references to related vulnerability reports and advisories. The MITRE Corporation maintains the list of records for all publicly disclosed vulnerabilities, and it is free to use.

The CVE list feeds the U.S. National Vulnerability Database (NVD), which also provides a score for each CVE. This score (called CVSS) is divided into three metric groups (Base, Temporal, and Environmental) and rates the severity of the vulnerability.

I have always wanted to submit a CVE discovered by me — Image by Unsplash

zonote is a cross-platform desktop note-taking app. Although the most basic use is saving…

Using Postman and Newman to find useful data saved in online formatting tools

If you are a web developer, you may have used an online code formatter. There are hundreds of online code formatters for different purposes, such as formatting HTML, XML, JSON, etc.

Well-formatted code improves readability. Image by Unsplash

A common feature of these formatters is that you can save an online version of your formatted data. It is important to note that this makes your code publicly available to anyone who knows the generated URL.

In this story, I will focus on JSON formatter, an online tool to validate and format JSON content. By making a simple test and with the help of Chrome Developer Tools, I could easily…

Achievements with Netflix Viewing Stats

Have you ever found yourself in the middle of a binge wondering how long you have been watching Netflix? For those of you who still don't know what Netflix Viewing Stats is, it is a Chrome extension that helps you answer this question and much more.

A complete view of the dashboard with the new Achievements section

According to Wikipedia, gamification is the application of game-design elements and game principles in non-game contexts.

This is what we have done in the new Achievements section of this open-source project. In this section, you can earn badges to show the accomplishment of different goals. …

New look-and-feel for the dashboard of your use of Netflix

The new User Interface for the viewing stats dashboard

I believe in human collaboration to improve things. That's why I'm an open-source enthusiast who loves to share his work. The Netflix Viewing Stats extension is no exception, and its source code is publicly available on GitHub.

Apart from being publicly available, one of the advantages of an open-source project is that anyone can contribute to the project, adding new features or fixing bugs.

Today, thanks to Laura Sánchez Redondo and José Méndez Lara, the first two contributors to this project, we can present the new release of Netflix Viewing Stats.

This new release comes with a new look-and-feel

A dashboard view into your use of Netflix

Have you ever asked yourself how much time you’ve spent watching Netflix or how many series you’ve watched?

If you have, you can get the answer to these questions and so much more with this Google Chrome extension.

Netflix Viewing Stats dashboard shows how much of your life Netflix has taken from you

UPDATE: The Netflix Viewing Stats dashboard has a new look-and-feel and many more features; learn more about them in this story.

Netflix Viewing Stats dashboard shows stats like the number of titles watched or time spent watching movies or series. These stats include average time per day watching Netflix and record time watching Netflix in a single day. …

How I tracked all riding shared scooters in 6 cities at the same time

Mobility needs in large cities are in continuous evolution, and new modes of transport keep appearing. One of the newest mobility solutions is the electric scooter, available for rent from 1€ to unlock + 0.15€/min.

Madrid is undergoing profound changes in the field of mobility, and we have seen how bikes, motorbikes, and scooters from different companies flooded the sidewalks of the center of the city. Voi is just one of the companies offering this scooter-sharing service.

The way to use these vehicles is the same for all companies. You have to download an App, create a user with your email, add a…

How I found a security issue in The Fork's Yummy Days promotion and how this could have affected their business

As a developer of financial web applications, I am always concerned about security, but it is also one of my passions. Over the last two years, some of the web applications I have worked on have been submitted to thorough security checks, to ensure they were completely secure before going into production.

In this journey, I have learned a lot about security — authentication, potentially dangerous requests, injections, etc. — and how to design secure applications.

Eating is another of my passions; lunch time is my favorite moment of the day, and El Tenedor (in Spain) / The Fork

Cryptocurrencies you can get without investing a single euro

If you are curious about cryptocurrencies but don't want to invest money, today we will see that you can get some of them completely free. These cryptocurrencies are obtained through actions that benefit the network, such as registering on the platform, following the account on social media, inviting new members…

Warning: none of these coins can be traded for other currencies on any exchange at the time of writing, and whether such trading may become possible in the future is uncertain and subject to…

Investing in Ethereum through an exchange

If you have made it this far, you are interested in investing in cryptocurrencies, and by now you probably already know that there are two major blockchain networks on the market called Bitcoin and Ethereum, although there are many more.

The process of investing in this kind of currency can be overwhelming at first, since these are relatively recent technologies (2009 and 2015) and many unfamiliar terms come up.

In this guide I will try to summarize my own experience, and we will see how to buy Ethereum's currency, Ether, through an exchange or a…

Héctor Martos

Software Engineer. Curious and passionate Ethical Hacker. Believer in open-source philosophy. Learn by mistake, teach by example. https://hmartos.github.io
