1690v | 7 years ago | on: Vulnerability Spotlight: Python.org certificate parsing denial-of-service
1690v's comments
1690v | 8 years ago | on: Panerabread.com leaks millions of customer records
That is a terrible idea. Imagine sentencing programmers to jail for security issues in their code.
1690v | 8 years ago | on: The Tangled Web: A Guide to Securing Modern Web Applications (2011)
I finally got around to reading lcamtuf's other book, Silence on the Wire (2005) this wekk.
If you have even a small amount of interest in passive recon, it is excellent- http://lcamtuf.coredump.cx/silence.shtml
1690v | 8 years ago | on: To Get a Job at Tesla, Consider Learning C or C++
This post is a weird mix of advertisement and stating the obvious.
1690v | 8 years ago | on: Reverse-engineering the Starbucks ordering API
It also expands the total attack surface of a system, which can lead to security problems. If you read some of the public disclosures from various bug bounty programs, neglected APIs have led to some serious vulnerabilities.
"Underprotected APIs" is actually number 10 on the OWASP Top 10 for 2017.
page 1
https://www.talosintelligence.com/reports/TALOS-2018-0758 404s