stackoverflow.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2025-08-14.
| Date Added | Resource | Tags | Excerpt |
|---|---|---|---|
| 2025-08-14 | oauth 2.0 - How does CSRF work without state parameter in OAuth2.0? - Stack | CSRF | The content discusses the concept of Cross-Site Request Forgery (CSRF) in OAuth 2.0 and how it operates without the state parameter. CSRF attacks can occur when a malicious website tricks a user's browser into making unauthorized requests to a different site where the user is authenticated. The absence of the state parameter in OAuth 2.0 can make it vulnerable to CSRF attacks, potentially compromising user security. It is important to implement proper security measures to prevent CSRF attacks in OAuth 2.0 implementations. |
| 2025-08-14 | ruby - Sinatra CSRF Authenticity tokens - Stack Overflow | CSRF | The content is about using CSRF (Cross-Site Request Forgery) authenticity tokens in a Ruby web application built with Sinatra. This security measure helps prevent unauthorized actions by verifying the origin of requests. The discussion likely involves implementing CSRF protection in Sinatra applications to enhance security and protect against malicious attacks. The content seems to be a question or discussion thread related to this topic on the Stack Overflow platform. |
| 2025-08-14 | asp.net - Bypass XSS blacklist "", "&" input nvarchar - Stack Overflow | XSS | The content discusses bypassing a Cross-Site Scripting (XSS) blacklist in ASP.NET by manipulating input containing characters like "", "&" when using the nvarchar data type. This issue was raised on Stack Overflow. The focus is on circumventing security measures to execute XSS attacks by exploiting vulnerabilities in the input handling process. |
| 2024-11-29 | Python Twisted proxy - how to intercept packets | Burp, Python | I'm trying to print out the body of a HTTP response using Python. Here is my code so far: from twisted.web import proxy, http from twisted.internet import reactor from twisted.python import log im... |
| 2023-10-03 | Is XSS Attack via PDF Javascript Possible? | XSS | Is XSS Attack via PDF Javascript Possible? https://ift.tt/DMFo0mJ |
| 2023-05-21 | JWT (Json Web Token) Audience aud versus Client_Id - What's the difference? | AuthN, JWT | JWT (Json Web Token) Audience “aud” versus Client_Id - What's the difference? https://ift.tt/EmJcMtF |
| 2021-12-06 | How to run BeEF behind an nginx reverse proxy with SSL correctly | Recon | How to run BeEF behind an nginx reverse proxy with SSL correctly |
| 2021-10-07 | What content-type's execute javascript in the browser? | XSS | What content-type's execute javascript in the browser? |
| 2021-02-28 | How to learn internals of the Go Programming Language? For noob - Stack Ove | | The content discusses the author's experience in Go programming language job interviews where they were asked about the implementation of channels and goroutines. The author highlights the importance of understanding the internals of Go for job interviews. |
| 2016-01-21 | python/scapy DNS sniffer and parser - Stack Overflow | Python | The user has a Python/Scapy DNS sniffer that successfully captures DNS messages and extracts IP/UDP source/destination addresses and ports. However, they are encountering difficulties parsing the DNS part of the messages. They are seeking assistance with parsing the DNS information. |