Real World Cryptography News Today : Breaking News, Live Updates & Top Stories | Vimarsana

By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources. During our evaluation, Caddy was deployed as a reverse proxy…

Maciej domanskiTravis petersDavid pokoraGolang security for the communityCaddy serverReflected cross site scriptingActive scannerBurp suite professionalContent security policyTesting handbookReal world cryptographyParam minerReferer based headerOpen redirectionX forwarded host headerX forwarded proto header