CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of reviewing CSP policies, which is usually a manual task, and helps identify subtle CSP bypasses which undermine the value of a policy. CSP Evaluator checks are based on a large-scale study and are aimed to
Hi, this book is a collection of "BugBounty" tips tweeted / shared by community people. It includes the tweets I collected over the past from Twitter, Google and hashtags, and chances are that a few tips may be missing. I have categorized tips against each vulnerability classification and "will be updating" regularly. Each tweet has a link to the original tweet to read about others' replies / comments. Huge "T
This article lists the most important security headers you can use to protect your website. Use it to understand web-based security features, learn how to implement them on your website, and as a reference for when you need a reminder. Security headers recommended for websites that handle sensitive user data: Content Security Policy (CSP) Trusted Types Security headers recommended for all websites
Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP) Cross-site scripting (XSS), the ability to inject malicious scripts into a web app, has been one of the biggest web security vulnerabilities for over a decade. Content Security Policy (CSP) is an added layer of security that helps to
The goal of this document is to help operational teams with creating secure web applications. All Mozilla sites and deployments are expected to follow the recommendations below. Use of these recommendations by the public is strongly encouraged. The Security Assurance team maintains this document as a reference guide. Table of Contents Cheat Sheet Transport Layer Security (TLS/SSL) HTTPS HTTP Stric
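Introduction Until now I have mostly been doing heavy back-end development, but for a little over a year I have also been doing front-end development, so I have more occasions to read MDN. I read the web security guidelines published by Mozilla, found them quite good, and thought I would summarize them briefly. First, there is a cheat sheet that lists, for each guideline item, its security benefit, its implementation difficulty, and the priority with which it should be addressed. Basically, when building an application, it seems best to secure it while taking into account the priority and implementation difficulty listed in this cheat sheet. Let's take a quick look at each item. HTTPS If you expect modern browsers to communicate with the system, the modern TLS configuration on the Mozilla Wiki seems to be a good choice. If you want to keep compatibility with legacy browsers, the backward-compatible TLS configuration seems good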
🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning
It's been a year since my last XSS cheatsheet, and a year of developments in XSS exploitology. Here's a new and updated version jam-packed full of goodies that I use myself! Note: This cheat-sheet focuses on up to date and relevant items only. Would you take a cheat sheet with you to an exam that has a bunch of irrelevant stuff? No, of course not. I hate cheat sheets that waste space on methods th
Introduction This is sudden, but here is a question. Do you know which type of vulnerability was registered most often in 2020? The answer is cross-site scripting (among those registered in JVN iPedia, the vulnerability countermeasure information database, in the first half of 2020). In the first half of 2020 (January to June), the most common vulnerability registered in JVN iPedia was cross-site scripting, with 1099 entries. In addition, high-severity threats, such as those that can lead to information leakage or tampering, account for 86.2% of the total. In this article, as a developer, I want to look into security without treating it as someone else's problem. Note: I am researching as I write, so some parts may be lacking or incomplete; please bear with me. Reference https://www.ipa.go.jp/security/vuln/report/JVNiPedia2020q1.html
Price and Feature Comparison of Web Application Scanners The current information is based on the results of the *2011/2012/2014/2016* benchmarks (except for entries marked as updated or new) Last updated: 18/09/2016 Sorted in an ascending order according to the scanner audit features, various prices, benchmark results and name. Hint: click the product name to get detailed information on the produ
Hi, I am Shankar Ramakrishnan (@trapp3r_hat) from India. I hope you are all doing good. I have been a security researcher for the last few years. Yes, absolutely, I am doing bug bounty part-time because I am working as a Lead Security Consultant at Peneto Labs Pvt Ltd. Thank you guys for appreciating my previous blog posts. Here are my write-ups about the Bug Hunting Methodology (part-1) & Bug Hunting Method