logo
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents.

#WEB

Mozilla Observatory

The Mozilla Observatory has helped over 240,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.

Bugzilla

The issue tracker for Firefox and other Mozilla products.

MDN Security on the Web

Websites contain several different types of information. Some of it is non-sensitive, for example the copy shown on the public pages. Some of it is sensitive, for example customer usernames, passwords, and banking information, or internal algorithms and private product information.

Invicti Blog

Latest web security & vulnerabilities, product releases, product docs and faq blogs.

PortSwigger Research

Web Security Research Papers.

Reddit - Web Security Research

A community for sharing and discussing novel web security research.

PentesterLab

Learn Web Penetration Testing

PortSwigger Web Security Academy

Learn to secure the web one step at a time, with our practical, interactive learning materials. Covering the latest research, and completely free.

WebSec Blog
Sam Curry Blog

Web Application Security Researcher

Hacker101 CTF

Whether you've just started your hacker journey or you're just looking for some new challenges, the Hacker101 CTF has something for you.