
This is the story of how I found vulnerabilities in Google, Twitter, Apple and Dell for fun after more than 40 tries

Google




What is Export?

In a personal computer application, to export is to convert a file into another format than the one it is currently in. Once the file is exported to the desired format (specified in its file name suffix), it can be opened and worked on by an application that recognizes and uses this format. Adobe Photoshop and other programs use this term. Other applications such as Word let you export a file by simply specifying the appropriate file name suffix when you use the “Save as” selection.

What is Import?

A file that has not been exported to a desired file format can be…


Things to be aware of when using 2FA with websites and services

Two-factor authentication (2FA) is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods (also referred to as authentication factors) to verify your identity. These factors can include something you know — like a username and password — plus something you have — like a smartphone app — to approve authentication requests.

2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

Why is 2FA Important?

Two-factor authentication (2FA) is the foundational element of a zero trust security model. In order to protect sensitive data, you must verify…



React is a JavaScript library for building user interfaces. It is maintained by Facebook and a community of individual developers and companies. React can be used as a base in the development of single-page or mobile applications, as it is optimal for fetching rapidly changing data that needs to be recorded.

ReactJS is quite safe by design since:

  • String variables in views are escaped automatically
  • With JSX you pass a function as the event handler, rather than a string that can contain malicious code

But …

Dangerously Set innerHTML

This feature is designed to present and insert DOM formatted content data into the frontend. The use of the feature is…


Rubber Ducky


This “special” pen drive is a device that works as a programmed keyboard in the shape of a USB drive. When you plug it into a computer, it starts writing automatically to launch programs and tools which may either be available on the victim computer or loaded onto the drive’s onboard Micro SD, in order to extract information.

If you watch the hit TV series Mr. Robot, you’ll likely remember that in the second season Rubber Ducky is a crucial ally for Angela, helping her gain access to an E Corp executive’s passwords.

LAN Turtle


If someone really wants to get at the information, it is not difficult
if they can gain physical access to the computer or hard drive.
– Microsoft White Paper, July 1999


What is Physical Security

Provides for the protection of property, personnel, facilities, and material against unauthorized entry, trespass, damage, sabotage, theft, or other criminal acts.

Security Components

Not limited to hardware:

  • Policies and Procedures
  • Training Programs
  • Employees
  • Security Staff

Security Tasks

Components and procedures must be mutually supportive, performing one or more of the three principal security tasks:


Complete and in-depth guide for Web Application Firewalls

What is a Web Application Firewall (WAF)?

A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks.

This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.


Proche

Security in the cloud is much like security in your on-premises data centers — only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources.

What Is Cloud Security?

Cloud computing security is a fast-growing service that provides many of the same functionalities as traditional IT security. This includes protecting critical information from theft, data leakage and deletion.

One of the benefits of cloud services is that you can operate at…

rezaduty
