XSS is one of the most common, well-understood web vulns. Detectable via free tools & techniques available to novices.
Sure, turning XSS into something more is cool
So is paying hackers #bugbounties
Wondering why journalists still glorify XSS negligence as “responsiveness” tho https://twitter.com/infosechotspot/status/1315773822176563201
Could Apple have found these issues themselves more efficiently (faster & cheaper)?
We must hope so, since the assumption that they can’t figure out how to:
Prevent XSS
Scan for XSS
puts them at the bottom of common security efforts & capabilities
I don’t believe that is true
Anyway, security journalists breathless for the next big cash bug bounty headline, I hope some of you decide to dig deeper than the press releases you’re fed about how great this bug bounty was.
It was more like insurance that paid to disguise major internal security process gaps
XSS is a well understood class of bug, for which there are many free tools & techniques available to detect.
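Added example, not from the thread or from any of the people quoted in it: the "prevent" and "scan" capabilities the thread refers to, shown as a vulnerable template beside its fixed form (contextual output encoding for the HTML body context) and the kind of reflection probe a free scanner automates. All function names, the canary string and the sample payload are constructed for this example.

```javascript
// Encode for the HTML body / quoted-attribute context: the five characters
// that can change parser state there. Other contexts (JS string, URL, CSS)
// need their own encoders; this one is not sufficient for them.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the untrusted query parameter is concatenated straight into markup.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Fixed: the same page with the parameter encoded for the HTML body context.
function renderSearchFixed(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Minimal reflection check of the kind scanners run: submit a canary carrying
// HTML metacharacters and see whether it comes back in the response unencoded.
// (Hypothetical canary value; a real scanner randomises it per request.)
function reflectsRawMarkup(render, canary = '<xss-probe-7f3a>') {
  const body = render(canary);
  return body.includes(canary);
}

// Constructed sample input.
const payload = '<script>alert(document.cookie)</script>';
console.log(renderSearchVulnerable(payload));
console.log(renderSearchFixed(payload));
console.log('vulnerable reflects raw markup:', reflectsRawMarkup(renderSearchVulnerable));
console.log('fixed reflects raw markup:', reflectsRawMarkup(renderSearchFixed));
```

The probe only catches the simplest reflected case (body context, no encoding); DOM-based XSS, JSON or JavaScript-context injection and attribute breakouts need their own payload sets, which is why a modern template engine that encodes by default is the cheaper fix compared with scanning after the fact.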
DOING SOMETHING MORE W XSS IS COOL
Failing to prevent/detect it shouldn’t be touted as great each time a well-resourced company pays out bounties
20something Bounty bros:
Muting this thread, blocking many.
Thanks for adding yourselves to my (and several other people observing you here) permanent no hire list.
Better hope to be one of the 9000/830,000 hackers that ever gets paid at all via bug bounties on that platform I put on the map for you.