"As cybersecurity leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture." (Britney Hommertzheim)
The purpose of this document is to provide app devs and programmers of any level with a primer for discussing the development of an application's registration page; it was also written with the MERN stack in mind. The viewpoint is that of a grey hat; as such:
If you want to try any or all of the techniques listed below, my recommendation is that you build a test platform on a device you personally own (a company device is not okay) using whatever technology stack you prefer, and set up a local environment on that device. From there, build a simple registration page linked to a locally hosted back-end database, using APIs you wrote yourself to manage registration; you also need to build your own front-end. Once your application is running on an arbitrary port such as 3000, explore it in your browser and use the sandbox you created to do what sandboxes are meant for: play.
Side note: I will not provide you with a boilerplate stack; don't ask. If you can't build your own, you have no business attempting to use the techniques listed below. You may still discuss them as an educational exercise.
Duplicate registrations of the same username can result in the original account being overwritten, which can cause data loss. Alternatively, if the original account is not overwritten, a duplicate account could expose the same information as the initial user's and essentially allow a hacker to hijack the account.
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash.
Rate limiting is used to control the amount of incoming and outgoing traffic to or from a network.
§§chars to the username parameter.
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
img src=x onerror=alert('e')"
Applications with insecure email verification processes can lead to hijacked user accounts.
Example verification notice shown to the user: Verification email sent. We sent you an email to verify that you own "email@example.com". We'll change your email once you verify that you own it.
Weak registration implementations can result in pollution of resources, hijacking of email services, or man-in-the-middle attacks. There are two examples provided in this document:
Weak password policies can result in data breaches, loss of data, hijacking of accounts, or worse.
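The checks discussed above (duplicate usernames, rate limiting, markup in the username parameter, and password policy) can be demonstrated in one framework-free registration handler. This is an added example, not code from the original post; the in-memory Map standing in for the MongoDB users collection, the 5-per-minute limit, and the 12-character password rule are assumptions chosen for illustration.

```javascript
// Added example (not from the original post). The Maps are assumptions that
// stand in for the MongoDB users collection and a per-IP rate-limit store.
const users = new Map();      // key: normalized username -> account record
const attempts = new Map();   // key: client IP -> timestamps of recent attempts
const WINDOW_MS = 60000;      // assumed limiter window: 1 minute
const MAX_PER_WINDOW = 5;     // assumed limit: 5 registration attempts per window

// Normalize so "Alice", " alice " and fullwidth "Ａlice" map to one account
// and cannot be registered twice: Unicode NFKC, trim, lowercase.
function normalizeUsername(name) {
  return String(name).normalize('NFKC').trim().toLowerCase();
}

// Allow-list: letters, digits, dot, underscore, hyphen. Anything that could be
// markup (e.g. an <img onerror=...> payload) fails this test and is rejected.
function isValidUsername(name) {
  return /^[a-z0-9._-]{3,32}$/.test(name);
}

// Assumed policy: at least 12 characters with lower, upper and digit classes.
function isStrongPassword(pw) {
  return typeof pw === 'string' && pw.length >= 12 &&
    /[a-z]/.test(pw) && /[A-Z]/.test(pw) && /[0-9]/.test(pw);
}

// Sliding-window limiter per client IP; counts every attempt, valid or not,
// and returns true once the caller exceeds MAX_PER_WINDOW in WINDOW_MS.
function isRateLimited(ip, now = Date.now()) {
  const recent = (attempts.get(ip) || []).filter(t => now - t < WINDOW_MS);
  recent.push(now);
  attempts.set(ip, recent);
  return recent.length > MAX_PER_WINDOW;
}

// Returns { ok, status, error }. An existing record is never overwritten: a
// duplicate gets 409 instead of replacing the first registration.
function register({ username, password }, ip, now = Date.now()) {
  if (isRateLimited(ip, now)) return { ok: false, status: 429, error: 'too many attempts' };
  const key = normalizeUsername(username);
  if (!isValidUsername(key)) return { ok: false, status: 400, error: 'invalid username' };
  if (!isStrongPassword(password)) return { ok: false, status: 400, error: 'weak password' };
  if (users.has(key)) return { ok: false, status: 409, error: 'username taken' };
  // Password is deliberately not stored here; persist only a bcrypt/argon2 hash.
  users.set(key, { username: key, createdAt: now, emailVerified: false });
  return { ok: true, status: 201 };
}
```

Wiring this into an Express route would mean returning `status` as the HTTP code and running the same `normalizeUsername` before the MongoDB lookup, with a unique index on the normalized field as the final guard.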