Thoughts about reporting SPA as Broken access control
Sept. 5, 2023, 3:45 p.m. | /u/EpicBot
cybersecurity www.reddit.com
I recently received a pen testing report for an SPA (Single Page Application) with only one major vulnerability reported, with a CVSS of 8.1.
The reported issue is classified as "Broken access control".
In this deficiency, they report that by patching the client-side authentication logic in the SPA or using a proxy and modifying the authentication response from the server.
They then …