- Practice to exclude vulnerability type(s)
- Why: this makes it easier for the receiver to identify the root cause of the vulnerability and duplicates faster. When there are multiple vulnerabilities, and there's no chain, consider them being separate reports. Expect that your reports will be escalated to people that have never heard security lingo like XSS. Help them understand the vulnerability and give remediation advice where possible.
- Good title: Lack of input sanitization in name parameter on https://register.example.com/new leads to execution of JavaScript in user session.
- OK title: Reflected XSS in name parameter on https://register.example.com/new
- Poor title: XSS
- Mention the affected asset
- Why: different people or teams are often responsible for different assets. Decrease triage overhead by mentioning the asset, such as a domain name, mobile app, device, version number, or URL, in the title so it's easier to assign it to someone with more knowledge abo
Anthonios Partheniou parthea
jobertabma
/ report-title-tips.md
Created
June 11, 2017 22:25
bogdan-nourescu
/ inject_script.js
Last active
June 16, 2017 13:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var newPlace = document.querySelector(".p6n-product-logo"); | |
| newPlace.innerHTML=""; | |
| var interval = setInterval(function(){ | |
| //we have setInterval here because they are lazy loading the pins | |
| var pins=document.querySelectorAll("pan-console-nav-section-item.p6n-console-nav-pin-container"); | |
| if (pins.length > 0) { | |
| clearInterval(interval); | |
| } else { | |
| return; | |
| } |
A personal diary of DataFrame munging over the years.
Convert Series datatype to numeric (will error if column has non-numeric values)
(h/t @makmanalp)