In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation. Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03 Link to form to create the file: https://securitytxt.org/ Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/ For more info go to https://www.developsec.com or follow us on … [Read more...] about Ep. 102: Intro to Web Security Policies
bug bounty
How Serious is Username Enumeration
Looking through Twitter recently, I caught a very interesting stream that started with the following message: What's the deal with the enumeration exclusions on all the @bugcrowd bounties. Clients just don't want to fix?— Stephen Haywood (@averagesecguy) July 26, 2016 There were quite a few replies, and a good discussion on the topic of the seriousness of username enumeration flaws. 140 characters is difficult to share a lot of thoughts, so I thought this would actually be … [Read more...] about How Serious is Username Enumeration