Daily Learning - Day 24

Date: 22nd February 2017

Below are the topics i learnt today..

Topic 1: Security - User Supplied Input-Data on URL 

If you are testing any website and see any URL and add some characters in the URL. Check what happens.

You may see errors from application or from web server.

Note: Receiving error from web server could share information about your server.

Topic 2: Security - User Supplied Input-Data for Login 

Consider a logon screen that asks for a username and password. If the application returns one error message for an incorrect username and another message for an incorrect password. This means, attacker has guessed either of them .

The danger is that the attacker now knows that he has correct username. Now his next step is to crack the password.

Topic 3: Non-Tech: Apology 

There are 6 kinds of Apologies.

  1. "It's Regretful that.." - It doesn't require you need to admit you did wrong. You're just sorry it happened..
  2. "It seems that errors occurred.." - Acknowledging that something bad happened, but you didn't have anything to do with it.
  3. "Apology directed at another issue or person.." - I'm sorry, you misunderstood my intent.
  4. "Apology used as emphasis to make a point.." - I'm sorry, the show is not good.
  5. "Apologies in Advance.." - I'm sorry, if this hurts to you.
  6. "Deflective Apologies.."  - "I am in search of my soul and peace"
Don't Apologise in expectation of receiving an apology from others.

Don't Apologise if your intentions where misinterpreted. 

Don't Apologise to blame someone else

And.. Don't Apologise for every day behaviours.

This entry was posted in . Bookmark the permalink. Location: Mysuru, Karnataka 570001, India

Leave a Reply