by Zach Edwards | Mar 28, 2019
There are numerous coding practices and server setups that can result in unexpected cached pages — pages that shouldn’t be able to be served to another user. One of the most-abused page caching features is “search index caching” — aka...
by Zach Edwards | Mar 12, 2019
As someone who has been working on enterprise digital stacks for over 12 years and building analytics stacks for over 7 years, I’ve broken my fair share of client websites with malformed JavaScript. It happens to pretty much every analytics professional *on...
by Zach Edwards | Mar 6, 2019
Here’s a short video explaining the scope of this vulnerability and my initial test: I recently came across a website that I won’t name that had a very interesting problem — certain pages had almost no third-party JavaScript firing, but they had dozens...
by Zach Edwards | Jan 2, 2019
Facebook removed auto-fill functionality on forms that used Adobe’s Marketo “mkt_tok” value and took other steps to protect Facebook users from one-token-user-authentication user data exfiltration risks. Update: On January 29, 2019, I heard back from Facebook (27-days...
by Zach Edwards | Sep 20, 2018
This is a guest post from Maneesh Sethi, Founder and CEO of Pavlok (https://www.pavlok.com), an innovative company that creates wearables and technology designed to help people break bad habits and change their behavior for the better. Victory Medium and Pavlok...