Why you shouldn't pass variables to the assert function in PHP.
How can a user be made to delete their account on the website without their consent?
We are used to websites containing links to other web services. But can an automatic redirection to an external domain be harmful?
Can the potential attack vector be extended to a larger number of applications?
It can be found on any website that allows exporting data to CSV format. But how can a plain text format be used for an attack?
Retrieving parameters from the user and later displaying them on the website always carries the risk of an XSS attack. But can such an attack be performed without using an HTML tag?
File upload functionality is a key place that deserves special attention. If an attacker successfully uploads and executes a malicious file, the whole server may be taken over.
Executing system commands from the programming language level sounds like asking for trouble. But how can it be done correctly and safely?
Every service that has a login mechanism should also have an option to reset the password. But how should it be done right?
A popular opinion says not to use pickle on data supplied by the user, because deserializing it may lead to an object injection attack and malicious code execution.