BlogHide Resteemscryptonvester (29)in dmania • 7 years agoFair Point, Soggy Toasts SuckView post on dManiacryptonvester (29)in security • 7 years ago2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data ExposureThere is a lot of exposed data floating on the web. People hear about such events all the time – it seems like data breaches are becoming more and more common. With data breaches being so…cryptonvester (29)in dmania • 7 years agoAverage Dmania userView post on dManiacryptonvester (29)in dmania • 7 years agoTom and JerryView post on dManiacryptonvester (29)in vulnerability • 7 years ago2017 OWASP Top 10 for PHP Developers Part 2: Broken Authentication and Session ManagementWhile browsing the web, you click on a link. The link leads you to a page like this: Looks like a usual login page, right? Let’s try logging in. You go off to Discord and your friend asks…cryptonvester (29)in dmania • 7 years agoA creative tittleView post on dManiacryptonvester (29)in hacking • 7 years agoOther uses of .htaccess: Making a .htaccess-based WAFIf you’re a web developer, you’re probably fammiliar with .htaccess. If you’re not, let me give you a quick introduction: .htaccess is a part of Apache. A .htaccess file provides a way to make…cryptonvester (29)in dmania • 7 years agoCatView post on dManiacryptonvester (29)in website • 7 years agoAn old Ticket System Security AnalysisSince I started building websites few years ago, I’ve created a few projects. Some of them never saw daylight, some of them were deleted upon creation, some of them still reside in my project…cryptonvester (29)in dmania • 7 years agoWorth readingView post on dManiacryptonvester (29)in dmania • 7 years agoDeep shitView post on dManiacryptonvester (29)in dmania • 7 years agoHer majestyView post on dManiacryptonvester (29)in password • 7 years agoYour passwords are terrible, and it’s time to do something about itYou know what surprises me the most in regards to data breaches? It’s the fact that people still continue to use passwords like “password” or “123456” to protect their accounts. Think I’m kidding…cryptonvester (29)in hacking • 7 years agoA journey back in time: The analysis of the first version of my WAFAs you might already know, back in 2014, I’ve developed a custom Web Application Firewall. The primary reason I’ve started making it is that I wanted to have one file that I could incorporate into a…cryptonvester (29)in dmania • 7 years agoWhen you sell BTC for 19.5 kView post on dManiacryptonvester (29)in security • 7 years ago10 ways to increase the security of your WordPress applicationWhen someone mentions WordPress, you will often hear people saying “don’t use it, it’s insecure”. In a sense, those people are right – there is no such thing as a “silver bullet” in security. There…cryptonvester (29)in dmania • 7 years agoNo it's a pigeonView post on dManiacryptonvester (29)in hardcoding • 7 years agoHow I could have pwned my highschool (SQLi, CSRF, Hardcoded Passwords & XSS) Part 2: Investigating the BreachHonestly, this is a blog title I’ve never expected to write, but hey, data breaches happen – no website is exempt from that. I will begin with a little bit of a backstory: I’ve found flaws in a…cryptonvester (29)in website • 7 years agoYour website needs a CSP. Here’s whyHere’s a scenario: You create a website and make it available online. Your website ends up getting hacked (it happens frequently, by the way..) The nefarious party is able to inject some…cryptonvester (29)in hacking • 7 years agoYour website has assets – You need SRIAll websites have something worth protecting. Those valuable things are frequently loaded from a CDN (Content Delivery Network) which is a distributed network of data centers that deliver assets…