How NOT To Restrict Cross-Domain Flash Content
Introduction Insufficient input validation is a problem I encounter practically every time I test an application. I’ve talked about relying on input validation as a prevention mechanism before (see here and item #8 here) but since it’s such a prevalent problem I figured I’d take the time to write about it once again. While a good supplemental control, by itself input validation is usually woefully inadequate. Quite frankly, it often requires much…
Read more...Tags:bounty , bug bounty , cross domain , crossdomain , flash , jpexs , paypal
Bug Bounty Blitz!
are closed
Introduction Over the last couple of years it seems bug bounties have gained increased attention and are being embraced by more organizations — and for good reason. For companies, it can provide a cost-effective means of obtaining professional security testing and for the security community, any form of sanctioned testing against a live/production application is a good thing :). In May of this year I decided to undertake a little…
Read more...Tags:bounties , bounty , bug bounties , bug bounty , bug bounty program , bugcrowd , bugs
are closed