@cryptonvester
Reputation 29 — White hat hacker, exposing security problems, securing websites. Also MEMES!
steemit.com/@cryptonvester
VOTING POWER 100.00%
DOWNVOTE POWER 100.00%
RESOURCE CREDITS 100.00%
REPUTATION PROGRESS 8.42%
Net Worth
0.105USD
STEEM
0.005STEEM
SBD
0.190SBD
Effective Power
5.007SP
├── Own SP
0.227SP
└── Incoming Delegations
+4.780SP
Detailed Balance
| STEEM | ||
| balance | 0.005STEEM | STEEM |
| market_balance | 0.000STEEM | STEEM |
| savings_balance | 0.000STEEM | STEEM |
| reward_steem_balance | 0.000STEEM | STEEM |
| STEEM POWER | ||
| Own SP | 0.227SP | SP |
| Delegated Out | 0.000SP | SP |
| Delegation In | 4.780SP | SP |
| Effective Power | 5.007SP | SP |
| Reward SP (pending) | 0.000SP | SP |
| SBD | ||
| sbd_balance | 0.190SBD | SBD |
| sbd_conversions | 0.000SBD | SBD |
| sbd_market_balance | 0.000SBD | SBD |
| savings_sbd_balance | 0.000SBD | SBD |
| reward_sbd_balance | 0.000SBD | SBD |
{
"balance": "0.005 STEEM",
"savings_balance": "0.000 STEEM",
"reward_steem_balance": "0.000 STEEM",
"vesting_shares": "369.381949 VESTS",
"delegated_vesting_shares": "0.000000 VESTS",
"received_vesting_shares": "7774.277857 VESTS",
"sbd_balance": "0.190 SBD",
"savings_sbd_balance": "0.000 SBD",
"reward_sbd_balance": "0.000 SBD",
"conversions": []
}
Account Info
| name | cryptonvester |
| id | 803744 |
| rank | 1,263,215 |
| reputation | 2843128263 |
| created | 2018-03-03T10:46:24 |
| recovery_account | steem |
| proxy | None |
| post_count | 48 |
| comment_count | 0 |
| lifetime_vote_count | 0 |
| witnesses_voted_for | 0 |
| last_post | 2018-06-10T06:47:03 |
| last_root_post | 2018-06-10T06:47:03 |
| last_vote_time | 2018-06-13T06:26:27 |
| proxied_vsf_votes | 0, 0, 0, 0 |
| can_vote | 1 |
| voting_power | 0 |
| delayed_votes | 0 |
| balance | 0.005 STEEM |
| savings_balance | 0.000 STEEM |
| sbd_balance | 0.190 SBD |
| savings_sbd_balance | 0.000 SBD |
| vesting_shares | 369.381949 VESTS |
| delegated_vesting_shares | 0.000000 VESTS |
| received_vesting_shares | 7774.277857 VESTS |
| reward_vesting_balance | 0.000000 VESTS |
| vesting_balance | 0.000 STEEM |
| vesting_withdraw_rate | 0.000000 VESTS |
| next_vesting_withdrawal | 1969-12-31T23:59:59 |
| withdrawn | 0 |
| to_withdraw | 0 |
| withdraw_routes | 0 |
| savings_withdraw_requests | 0 |
| last_account_recovery | 1970-01-01T00:00:00 |
| reset_account | null |
| last_owner_update | 1970-01-01T00:00:00 |
| last_account_update | 2018-04-26T17:04:51 |
| mined | No |
| sbd_seconds | 0 |
| sbd_last_interest_payment | 1970-01-01T00:00:00 |
| savings_sbd_last_interest_payment | 1970-01-01T00:00:00 |
{
"active": {
"account_auths": [],
"key_auths": [
[
"STM79KwY5PoV1cpzzFPway7prZfNrUgq4fXxaBG2FyyjDQmnAKmxi",
1
]
],
"weight_threshold": 1
},
"balance": "0.005 STEEM",
"can_vote": true,
"comment_count": 0,
"created": "2018-03-03T10:46:24",
"curation_rewards": 0,
"delegated_vesting_shares": "0.000000 VESTS",
"downvote_manabar": {
"current_mana": 2035914951,
"last_update_time": 1779058926
},
"guest_bloggers": [],
"id": 803744,
"json_metadata": "{\"profile\":{\"name\":\"Omega \",\"about\":\"White hat hacker, exposing security problems, securing websites. Also MEMES!\",\"profile_image\":\"https://www.dailydot.com/wp-content/uploads/a04/00/266ab394b86b4ac6-2048x1024.jpg\",\"cover_image\":\"https://i2.wp.com/thebillion-dollar.com/wp-content/uploads/2016/12/How-To-Become-Ethical-Hacker.jpg?resize=768%2C432\",\"website\":\"https://lukasvileikis.com\"}}",
"last_account_recovery": "1970-01-01T00:00:00",
"last_account_update": "2018-04-26T17:04:51",
"last_owner_update": "1970-01-01T00:00:00",
"last_post": "2018-06-10T06:47:03",
"last_root_post": "2018-06-10T06:47:03",
"last_vote_time": "2018-06-13T06:26:27",
"lifetime_vote_count": 0,
"market_history": [],
"memo_key": "STM5ECQFDPmuEu8E4r5wpbXiz4dqdr9LCci8RWawBsogp69CR82Wk",
"mined": false,
"name": "cryptonvester",
"next_vesting_withdrawal": "1969-12-31T23:59:59",
"other_history": [],
"owner": {
"account_auths": [],
"key_auths": [
[
"STM5wiXVXNzqiGdRBTAkWuqherXyyRVhZNEzG3wtxbdDZgkpYdeXm",
1
]
],
"weight_threshold": 1
},
"pending_claimed_accounts": 0,
"post_bandwidth": 0,
"post_count": 48,
"post_history": [],
"posting": {
"account_auths": [
[
"dmania.app",
1
]
],
"key_auths": [
[
"STM6ZNS4UaHt6CCC8zxxmLkBcDJNkHCabmKDgCWdZZxY31iKqmmKx",
1
]
],
"weight_threshold": 1
},
"posting_json_metadata": "{\"profile\":{\"name\":\"Omega \",\"about\":\"White hat hacker, exposing security problems, securing websites. Also MEMES!\",\"profile_image\":\"https://www.dailydot.com/wp-content/uploads/a04/00/266ab394b86b4ac6-2048x1024.jpg\",\"cover_image\":\"https://i2.wp.com/thebillion-dollar.com/wp-content/uploads/2016/12/How-To-Become-Ethical-Hacker.jpg?resize=768%2C432\",\"website\":\"https://lukasvileikis.com\"}}",
"posting_rewards": 162,
"proxied_vsf_votes": [
0,
0,
0,
0
],
"proxy": "",
"received_vesting_shares": "7774.277857 VESTS",
"recovery_account": "steem",
"reputation": 2843128263,
"reset_account": "null",
"reward_sbd_balance": "0.000 SBD",
"reward_steem_balance": "0.000 STEEM",
"reward_vesting_balance": "0.000000 VESTS",
"reward_vesting_steem": "0.000 STEEM",
"savings_balance": "0.000 STEEM",
"savings_sbd_balance": "0.000 SBD",
"savings_sbd_last_interest_payment": "1970-01-01T00:00:00",
"savings_sbd_seconds": "0",
"savings_sbd_seconds_last_update": "1970-01-01T00:00:00",
"savings_withdraw_requests": 0,
"sbd_balance": "0.190 SBD",
"sbd_last_interest_payment": "1970-01-01T00:00:00",
"sbd_seconds": "0",
"sbd_seconds_last_update": "2018-05-28T14:46:03",
"tags_usage": [],
"to_withdraw": 0,
"transfer_history": [],
"vesting_balance": "0.000 STEEM",
"vesting_shares": "369.381949 VESTS",
"vesting_withdraw_rate": "0.000000 VESTS",
"vote_history": [],
"voting_manabar": {
"current_mana": "8143659806",
"last_update_time": 1779058926
},
"voting_power": 0,
"withdraw_routes": 0,
"withdrawn": 0,
"witness_votes": [],
"witnesses_voted_for": 0,
"rank": 1263215
}
Withdraw Routes
| Incoming | Outgoing |
|---|---|
Empty | Empty |
{
"incoming": [],
"outgoing": []
}
@steem delegated 4.780 SP to @cryptonvester
2026/05/17 23:02:06
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 7774.277857 VESTS |
| Transaction Info | Block #106141994/Trx 21dc6ee5cbd051bd67dcd6ad9d7707d2d12fb7c3 |
{
"block": 106141994,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "7774.277857 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2026-05-17T23:02:06",
"trx_id": "21dc6ee5cbd051bd67dcd6ad9d7707d2d12fb7c3",
"trx_in_block": 4,
"virtual_op": 0
}
@steem delegated 3.113 SP to @cryptonvester
2026/05/11 22:57:33
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 5062.067452 VESTS |
| Transaction Info | Block #105969866/Trx 9122f0231150e97f6792766fed80552c26846396 |
{
"block": 105969866,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "5062.067452 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2026-05-11T22:57:33",
"trx_id": "9122f0231150e97f6792766fed80552c26846396",
"trx_in_block": 2,
"virtual_op": 0
}
@steem delegated 4.788 SP to @cryptonvester
2026/04/25 22:25:03
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 7786.793613 VESTS |
| Transaction Info | Block #105509681/Trx b17cd42b278854737ea642c3e6389b2b3f367c7d |
{
"block": 105509681,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "7786.793613 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2026-04-25T22:25:03",
"trx_id": "b17cd42b278854737ea642c3e6389b2b3f367c7d",
"trx_in_block": 0,
"virtual_op": 0
}
@steem delegated 3.138 SP to @cryptonvester
2026/01/23 04:33:51
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 5103.614271 VESTS |
| Transaction Info | Block #102847933/Trx 9c467939224f150a8f306235ecfc1a7fe05ffae0 |
{
"block": 102847933,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "5103.614271 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2026-01-23T04:33:51",
"trx_id": "9c467939224f150a8f306235ecfc1a7fe05ffae0",
"trx_in_block": 1,
"virtual_op": 0
}
@steem delegated 3.239 SP to @cryptonvester
2024/12/16 23:53:06
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 5267.833468 VESTS |
| Transaction Info | Block #91294342/Trx 65e2f2fd0ac11ecf8d63ec8063bd36fffe9c99d0 |
{
"block": 91294342,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "5267.833468 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2024-12-16T23:53:06",
"trx_id": "65e2f2fd0ac11ecf8d63ec8063bd36fffe9c99d0",
"trx_in_block": 1,
"virtual_op": 0
}
@steem delegated 3.343 SP to @cryptonvester
2023/11/13 15:37:21
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 5436.967000 VESTS |
| Transaction Info | Block #79848583/Trx 53999b25a4081c0cf9c686352edf987398be31b3 |
{
"block": 79848583,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "5436.967000 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2023-11-13T15:37:21",
"trx_id": "53999b25a4081c0cf9c686352edf987398be31b3",
"trx_in_block": 1,
"virtual_op": 0
}
@steem delegated 5.149 SP to @cryptonvester
2023/09/21 20:24:27
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 8374.245786 VESTS |
| Transaction Info | Block #78346129/Trx 8cf9b9383b5e5eab9b11c5c130056806fb831c8c |
{
"block": 78346129,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "8374.245786 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2023-09-21T20:24:27",
"trx_id": "8cf9b9383b5e5eab9b11c5c130056806fb831c8c",
"trx_in_block": 4,
"virtual_op": 0
}
@steem delegated 5.285 SP to @cryptonvester
2022/11/03 10:22:33
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 8595.927224 VESTS |
| Transaction Info | Block #69111677/Trx ad136aa917492acc4902fc106357038660a175a7 |
{
"block": 69111677,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "8595.927224 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2022-11-03T10:22:33",
"trx_id": "ad136aa917492acc4902fc106357038660a175a7",
"trx_in_block": 5,
"virtual_op": 0
}
@steem delegated 5.421 SP to @cryptonvester
2022/01/17 09:45:00
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 8816.460455 VESTS |
| Transaction Info | Block #60807974/Trx f6a743dbaa29766d663fed553b9a7c5fb1d04d89 |
{
"block": 60807974,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "8816.460455 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2022-01-17T09:45:00",
"trx_id": "f6a743dbaa29766d663fed553b9a7c5fb1d04d89",
"trx_in_block": 14,
"virtual_op": 0
}
@steem delegated 5.534 SP to @cryptonvester
2021/06/13 23:43:00
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 9000.229113 VESTS |
| Transaction Info | Block #54606421/Trx 9e8304ca563f275cef1198e0dada9722fe4aa5b9 |
{
"block": 54606421,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "9000.229113 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2021-06-13T23:43:00",
"trx_id": "9e8304ca563f275cef1198e0dada9722fe4aa5b9",
"trx_in_block": 2,
"virtual_op": 0
}
@steem delegated 5.649 SP to @cryptonvester
2020/12/11 10:03:39
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 9187.651087 VESTS |
| Transaction Info | Block #49353926/Trx 4f181b9c45b6482fb3ef81579ae5b76864f296db |
{
"block": 49353926,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "9187.651087 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2020-12-11T10:03:39",
"trx_id": "4f181b9c45b6482fb3ef81579ae5b76864f296db",
"trx_in_block": 1,
"virtual_op": 0
}
@steem delegated 1.176 SP to @cryptonvester
2020/12/06 03:40:48
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 1912.543513 VESTS |
| Transaction Info | Block #49205491/Trx d3e384e3a2191457f269091c24fbf2b3da24e90b |
{
"block": 49205491,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "1912.543513 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2020-12-06T03:40:48",
"trx_id": "d3e384e3a2191457f269091c24fbf2b3da24e90b",
"trx_in_block": 0,
"virtual_op": 0
}
@steem delegated 5.653 SP to @cryptonvester
2020/12/05 11:38:00
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 9194.017726 VESTS |
| Transaction Info | Block #49186597/Trx bfb812033241d338afcbc2a7422c1226256e4d01 |
{
"block": 49186597,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "9194.017726 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2020-12-05T11:38:00",
"trx_id": "bfb812033241d338afcbc2a7422c1226256e4d01",
"trx_in_block": 13,
"virtual_op": 0
}
@steem delegated 1.181 SP to @cryptonvester
2020/11/02 13:15:51
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 1920.017158 VESTS |
| Transaction Info | Block #48255008/Trx bd395d6386e03386ccf6a2ecc75deb3174ae56ca |
{
"block": 48255008,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "1920.017158 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2020-11-02T13:15:51",
"trx_id": "bd395d6386e03386ccf6a2ecc75deb3174ae56ca",
"trx_in_block": 1,
"virtual_op": 0
}
@steem delegated 5.778 SP to @cryptonvester
2020/05/09 04:37:03
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 9396.664300 VESTS |
| Transaction Info | Block #43215723/Trx c0701df84178797b8b5a5cc59d41f21cbbff03be |
{
"block": 43215723,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "9396.664300 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2020-05-09T04:37:03",
"trx_id": "c0701df84178797b8b5a5cc59d41f21cbbff03be",
"trx_in_block": 4,
"virtual_op": 0
}
@steem delegated 1.201 SP to @cryptonvester
2020/05/08 08:03:21
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 1953.311140 VESTS |
| Transaction Info | Block #43191625/Trx 62fb943cf5ca153fd26dfe1120158a0740bb2bcd |
{
"block": 43191625,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "1953.311140 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2020-05-08T08:03:21",
"trx_id": "62fb943cf5ca153fd26dfe1120158a0740bb2bcd",
"trx_in_block": 6,
"virtual_op": 0
}
2020/03/05 03:48:15
| author | steemitboard |
| body | Congratulations @cryptonvester! You received a personal award! <table><tr><td>https://steemitimages.com/70x70/http://steemitboard.com/@cryptonvester/birthday2.png</td><td>Happy Birthday! - You are on the Steem blockchain for 2 years!</td></tr></table> <sub>_You can view [your badges on your Steem Board](https://steemitboard.com/@cryptonvester) and compare to others on the [Steem Ranking](https://steemitboard.com/ranking/index.php?name=cryptonvester)_</sub> **Do not miss the last post from @steemitboard:** <table><tr><td><a href="https://steemit.com/steemitboard/@steemitboard/use-your-witness-votes-and-get-the-community-badge"><img src="https://steemitimages.com/64x128/https://cdn.steemitimages.com/DQmTugCUsoXX762vg1CuHRrpnPbfnjPogp8iCGv7F2kSVuj/image.png"></a></td><td><a href="https://steemit.com/steemitboard/@steemitboard/use-your-witness-votes-and-get-the-community-badge">Use your witness votes and get the Community Badge</a></td></tr></table> ###### [Vote for @Steemitboard as a witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1) to get one more award and increased upvotes! |
| json metadata | {"image":["https://steemitboard.com/img/notify.png"]} |
| parent author | cryptonvester |
| parent permlink | fair-point-soggy-toasts-suck-zg1hbmlh-06clz |
| permlink | steemitboard-notify-cryptonvester-20200305t034815000z |
| title | |
| Transaction Info | Block #41375418/Trx add1f8f778037cc62e248345cf88fe72fa40bbc9 |
{
"block": 41375418,
"op": [
"comment",
{
"author": "steemitboard",
"body": "Congratulations @cryptonvester! You received a personal award!\n\n<table><tr><td>https://steemitimages.com/70x70/http://steemitboard.com/@cryptonvester/birthday2.png</td><td>Happy Birthday! - You are on the Steem blockchain for 2 years!</td></tr></table>\n\n<sub>_You can view [your badges on your Steem Board](https://steemitboard.com/@cryptonvester) and compare to others on the [Steem Ranking](https://steemitboard.com/ranking/index.php?name=cryptonvester)_</sub>\n\n\n**Do not miss the last post from @steemitboard:**\n<table><tr><td><a href=\"https://steemit.com/steemitboard/@steemitboard/use-your-witness-votes-and-get-the-community-badge\"><img src=\"https://steemitimages.com/64x128/https://cdn.steemitimages.com/DQmTugCUsoXX762vg1CuHRrpnPbfnjPogp8iCGv7F2kSVuj/image.png\"></a></td><td><a href=\"https://steemit.com/steemitboard/@steemitboard/use-your-witness-votes-and-get-the-community-badge\">Use your witness votes and get the Community Badge</a></td></tr></table>\n\n###### [Vote for @Steemitboard as a witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1) to get one more award and increased upvotes!",
"json_metadata": "{\"image\":[\"https://steemitboard.com/img/notify.png\"]}",
"parent_author": "cryptonvester",
"parent_permlink": "fair-point-soggy-toasts-suck-zg1hbmlh-06clz",
"permlink": "steemitboard-notify-cryptonvester-20200305t034815000z",
"title": ""
}
],
"op_in_trx": 0,
"timestamp": "2020-03-05T03:48:15",
"trx_id": "add1f8f778037cc62e248345cf88fe72fa40bbc9",
"trx_in_block": 12,
"virtual_op": 0
}
@steem delegated 5.868 SP to @cryptonvester
2019/08/25 18:37:03
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 9543.025499 VESTS |
| Transaction Info | Block #35868613/Trx 75909c1777790cc8d4eadb1d420ca5b08546baeb |
{
"block": 35868613,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "9543.025499 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2019-08-25T18:37:03",
"trx_id": "75909c1777790cc8d4eadb1d420ca5b08546baeb",
"trx_in_block": 30,
"virtual_op": 0
}
2019/03/03 12:26:03
| author | steemitboard |
| body | Congratulations @cryptonvester! You received a personal award! <table><tr><td>https://steemitimages.com/70x70/http://steemitboard.com/@cryptonvester/birthday1.png</td><td>Happy Birthday! - You are on the Steem blockchain for 1 year!</td></tr></table> <sub>_[Click here to view your Board](https://steemitboard.com/@cryptonvester)_</sub> **Do not miss the last post from @steemitboard:** <table><tr><td><a href="https://steemit.com/carnival/@steemitboard/carnival-2019"><img src="https://steemitimages.com/64x128/http://i.cubeupload.com/rltzHT.png"></a></td><td><a href="https://steemit.com/carnival/@steemitboard/carnival-2019">Carnival Challenge - Collect badge and win 5 STEEM</a></td></tr></table> ###### [Vote for @Steemitboard as a witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1) and get one more award and increased upvotes! |
| json metadata | {"image":["https://steemitboard.com/img/notify.png"]} |
| parent author | cryptonvester |
| parent permlink | fair-point-soggy-toasts-suck-zg1hbmlh-06clz |
| permlink | steemitboard-notify-cryptonvester-20190303t122603000z |
| title | |
| Transaction Info | Block #30829339/Trx 256bd799b93ed2590ff97db22b1828f5e00497ad |
{
"block": 30829339,
"op": [
"comment",
{
"author": "steemitboard",
"body": "Congratulations @cryptonvester! You received a personal award!\n\n<table><tr><td>https://steemitimages.com/70x70/http://steemitboard.com/@cryptonvester/birthday1.png</td><td>Happy Birthday! - You are on the Steem blockchain for 1 year!</td></tr></table>\n\n<sub>_[Click here to view your Board](https://steemitboard.com/@cryptonvester)_</sub>\n\n\n**Do not miss the last post from @steemitboard:**\n<table><tr><td><a href=\"https://steemit.com/carnival/@steemitboard/carnival-2019\"><img src=\"https://steemitimages.com/64x128/http://i.cubeupload.com/rltzHT.png\"></a></td><td><a href=\"https://steemit.com/carnival/@steemitboard/carnival-2019\">Carnival Challenge - Collect badge and win 5 STEEM</a></td></tr></table>\n\n###### [Vote for @Steemitboard as a witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1) and get one more award and increased upvotes!",
"json_metadata": "{\"image\":[\"https://steemitboard.com/img/notify.png\"]}",
"parent_author": "cryptonvester",
"parent_permlink": "fair-point-soggy-toasts-suck-zg1hbmlh-06clz",
"permlink": "steemitboard-notify-cryptonvester-20190303t122603000z",
"title": ""
}
],
"op_in_trx": 0,
"timestamp": "2019-03-03T12:26:03",
"trx_id": "256bd799b93ed2590ff97db22b1828f5e00497ad",
"trx_in_block": 11,
"virtual_op": 0
}
@steem delegated 5.990 SP to @cryptonvester
2018/09/12 08:20:24
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 9741.311194 VESTS |
| Transaction Info | Block #25890154/Trx ab619126069957fa1f3724fcf270ee64f1ec27a0 |
{
"block": 25890154,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "9741.311194 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2018-09-12T08:20:24",
"trx_id": "ab619126069957fa1f3724fcf270ee64f1ec27a0",
"trx_in_block": 10,
"virtual_op": 0
}
@cryptonvester published a new post: 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure
2018/06/13 06:27:09
| author | cryptonvester |
| body | @@ -2650,16 +2650,17 @@ ch occur +r ences ar |
| json metadata | {"tags":["security","data","php","hacking"],"image":["https://cdn.steemitimages.com/DQmbvzTbaCu5cFTVwed8CqEW7YGPGM8xhVZXkGrwYYLDAVm/image.png","https://cdn.steemitimages.com/DQmSQg5TpEouG2ZMyzogWrQkpzaTuPgKJU6MSVsRTExWXFi/image.png","https://cdn.steemitimages.com/DQmUqLkzonYs6caMGYrGUBDTuNuZHdissDB6vDxoMc6unun/image.png"],"app":"steemit/0.1","format":"markdown"} |
| parent author | |
| parent permlink | security |
| permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| title | 2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure |
| Transaction Info | Block #23278518/Trx 63ffbb8a08bfb5916a56addc7a20261a8e893c50 |
{
"block": 23278518,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "@@ -2650,16 +2650,17 @@\n ch occur\n+r\n ences ar\n",
"json_metadata": "{\"tags\":[\"security\",\"data\",\"php\",\"hacking\"],\"image\":[\"https://cdn.steemitimages.com/DQmbvzTbaCu5cFTVwed8CqEW7YGPGM8xhVZXkGrwYYLDAVm/image.png\",\"https://cdn.steemitimages.com/DQmSQg5TpEouG2ZMyzogWrQkpzaTuPgKJU6MSVsRTExWXFi/image.png\",\"https://cdn.steemitimages.com/DQmUqLkzonYs6caMGYrGUBDTuNuZHdissDB6vDxoMc6unun/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "security",
"permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"title": "2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-13T06:27:09",
"trx_id": "63ffbb8a08bfb5916a56addc7a20261a8e893c50",
"trx_in_block": 7,
"virtual_op": 0
}
2018/06/13 06:26:27
| author | grammarnazi |
| permlink | re-cryptonvester-2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure-20180607t171904370z |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23278504/Trx 2ed9eb57a4f536c6f3f6b0f5ba497430f4a9205d |
{
"block": 23278504,
"op": [
"vote",
{
"author": "grammarnazi",
"permlink": "re-cryptonvester-2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure-20180607t171904370z",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-13T06:26:27",
"trx_id": "2ed9eb57a4f536c6f3f6b0f5ba497430f4a9205d",
"trx_in_block": 19,
"virtual_op": 0
}
@cryptonvester upvoted (100.00%) @supercrypto1 / bitcoin-preparing-for-a-mega-move
2018/06/12 15:09:03
| author | supercrypto1 |
| permlink | bitcoin-preparing-for-a-mega-move |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23260159/Trx 3777336001654b099ff49feba5063cc09df50bca |
{
"block": 23260159,
"op": [
"vote",
{
"author": "supercrypto1",
"permlink": "bitcoin-preparing-for-a-mega-move",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-12T15:09:03",
"trx_id": "3777336001654b099ff49feba5063cc09df50bca",
"trx_in_block": 11,
"virtual_op": 0
}
@ubg upvoted (1.00%) @cryptonvester / fair-point-soggy-toasts-suck-zg1hbmlh-06clz
2018/06/10 06:48:18
| author | cryptonvester |
| permlink | fair-point-soggy-toasts-suck-zg1hbmlh-06clz |
| voter | ubg |
| weight | 100 (1.00%) |
| Transaction Info | Block #23193126/Trx 9b11c7cc25289935d86d195328eab4e48f5fec94 |
{
"block": 23193126,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "fair-point-soggy-toasts-suck-zg1hbmlh-06clz",
"voter": "ubg",
"weight": 100
}
],
"op_in_trx": 0,
"timestamp": "2018-06-10T06:48:18",
"trx_id": "9b11c7cc25289935d86d195328eab4e48f5fec94",
"trx_in_block": 39,
"virtual_op": 0
}
@cryptonvester upvoted (100.00%) @cryptonvester / fair-point-soggy-toasts-suck-zg1hbmlh-06clz
2018/06/10 06:47:06
| author | cryptonvester |
| permlink | fair-point-soggy-toasts-suck-zg1hbmlh-06clz |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23193102/Trx d88aca5227d82ef35d91410f7f1342d24d8c24b8 |
{
"block": 23193102,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "fair-point-soggy-toasts-suck-zg1hbmlh-06clz",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-10T06:47:06",
"trx_id": "d88aca5227d82ef35d91410f7f1342d24d8c24b8",
"trx_in_block": 52,
"virtual_op": 0
}
@cryptonvester updated options for fair-point-soggy-toasts-suck-zg1hbmlh-06clz
2018/06/10 06:47:03
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"cnts","weight":500},{"account":"dmania","weight":1000},{"account":"rangertx","weight":500},{"account":"vonabell","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | fair-point-soggy-toasts-suck-zg1hbmlh-06clz |
| Transaction Info | Block #23193101/Trx af2a1ff20cc4678aba954178e27373cc626db689 |
{
"block": 23193101,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "cnts",
"weight": 500
},
{
"account": "dmania",
"weight": 1000
},
{
"account": "rangertx",
"weight": 500
},
{
"account": "vonabell",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "fair-point-soggy-toasts-suck-zg1hbmlh-06clz"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-10T06:47:03",
"trx_id": "af2a1ff20cc4678aba954178e27373cc626db689",
"trx_in_block": 41,
"virtual_op": 0
}
@cryptonvester published a new post: fair-point-soggy-toasts-suck-zg1hbmlh-06clz
2018/06/10 06:47:03
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/fair-point-soggy-toasts-suck-zg1hbmlh-06clz"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-21-fair-point-soggy-toasts-suck-ykncymq.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/fair-point-soggy-toasts-suck-zg1hbmlh-06clz">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","funny","powerpuff","girls"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-21-fair-point-soggy-toasts-suck-ykncymq.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | fair-point-soggy-toasts-suck-zg1hbmlh-06clz |
| title | Fair Point, Soggy Toasts Suck |
| Transaction Info | Block #23193101/Trx af2a1ff20cc4678aba954178e27373cc626db689 |
{
"block": 23193101,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/fair-point-soggy-toasts-suck-zg1hbmlh-06clz\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-21-fair-point-soggy-toasts-suck-ykncymq.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/fair-point-soggy-toasts-suck-zg1hbmlh-06clz\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"funny\",\"powerpuff\",\"girls\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-21-fair-point-soggy-toasts-suck-ykncymq.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "fair-point-soggy-toasts-suck-zg1hbmlh-06clz",
"title": "Fair Point, Soggy Toasts Suck"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-10T06:47:03",
"trx_id": "af2a1ff20cc4678aba954178e27373cc626db689",
"trx_in_block": 41,
"virtual_op": 0
}
2018/06/07 17:40:30
| author | tomask-de |
| body | Nice read. I leave an upvote for this article *thumbsup* |
| json metadata | {} |
| parent author | cryptonvester |
| parent permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| permlink | re-cryptonvester-2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure-20180607t174029542z |
| title | fossbot voter comment |
| Transaction Info | Block #23119791/Trx 1563bae1440e737292a1ce2af8fe30fced9653ee |
{
"block": 23119791,
"op": [
"comment",
{
"author": "tomask-de",
"body": "Nice read. I leave an upvote for this article *thumbsup*",
"json_metadata": "{}",
"parent_author": "cryptonvester",
"parent_permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"permlink": "re-cryptonvester-2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure-20180607t174029542z",
"title": "fossbot voter comment"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-07T17:40:30",
"trx_id": "1563bae1440e737292a1ce2af8fe30fced9653ee",
"trx_in_block": 7,
"virtual_op": 0
}2018/06/07 17:40:21
2018/06/07 17:40:21
| author | cryptonvester |
| permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| voter | tomask-de |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23119788/Trx adfaa661aef1aaeeaf658cd9ba6af85b36403f92 |
{
"block": 23119788,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"voter": "tomask-de",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-07T17:40:21",
"trx_id": "adfaa661aef1aaeeaf658cd9ba6af85b36403f92",
"trx_in_block": 3,
"virtual_op": 0
}2018/06/07 17:18:27
2018/06/07 17:18:27
| author | cryptonvester |
| permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| voter | grammarnazi |
| weight | 5000 (50.00%) |
| Transaction Info | Block #23119350/Trx dffca160635570d55c0309232b2d354ca2f72c13 |
{
"block": 23119350,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"voter": "grammarnazi",
"weight": 5000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-07T17:18:27",
"trx_id": "dffca160635570d55c0309232b2d354ca2f72c13",
"trx_in_block": 58,
"virtual_op": 0
}2018/06/07 17:18:24
2018/06/07 17:18:24
| author | grammarnazi |
| body | You have a minor misspelling in the following sentence: <blockquote>Even though both Firefox and Google Chrome does give out security warnings when visiting an authentication form over HTTP, such occurences are still very common:.</blockquote> It should be <i>occurrences</i> instead of <i>occurences</i>. |
| json metadata | {"app":"steemit"} |
| parent author | cryptonvester |
| parent permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| permlink | re-cryptonvester-2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure-20180607t171904370z |
| title | Minor Correction |
| Transaction Info | Block #23119349/Trx 329a1ae7f6c38a446a0985ef65e920dd05e75f30 |
{
"block": 23119349,
"op": [
"comment",
{
"author": "grammarnazi",
"body": "You have a minor misspelling in the following sentence: <blockquote>Even though both Firefox and Google Chrome does give out security warnings when visiting an authentication form over HTTP, such occurences are still very common:.</blockquote> It should be <i>occurrences</i> instead of <i>occurences</i>.",
"json_metadata": "{\"app\":\"steemit\"}",
"parent_author": "cryptonvester",
"parent_permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"permlink": "re-cryptonvester-2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure-20180607t171904370z",
"title": "Minor Correction"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-07T17:18:24",
"trx_id": "329a1ae7f6c38a446a0985ef65e920dd05e75f30",
"trx_in_block": 46,
"virtual_op": 0
}2018/06/07 17:18:24
2018/06/07 17:18:24
| author | cryptonvester |
| permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23119349/Trx f7b324e12a24d6cd0cfa108fb41efad809e1e0af |
{
"block": 23119349,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-07T17:18:24",
"trx_id": "f7b324e12a24d6cd0cfa108fb41efad809e1e0af",
"trx_in_block": 45,
"virtual_op": 0
}cryptonvesterpublished a new post: 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure2018/06/07 17:18:15
cryptonvesterpublished a new post: 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure
2018/06/07 17:18:15
| author | cryptonvester |
| body | There is a lot of exposed data floating on the web. People hear about such events all the time – it seems like data breaches are becoming more and more common. With data breaches being so prevalent, one would expect people to protect their data better. However, with many developers underestimating the importance of protecting private data, this isn’t always the case – when developers fail to adequately protect data, sensitive data exposure might occur. Sensitive data exposure is currently ranked number three in the 2017 OWASP Top 10 vulnerabilities list – that makes it a pretty significant vulnerability, and that is what I am covering today. **What is it?** Sensitive data exposure is a vulnerability that occurs when an application fails to protect sensitive information. Sensitive information can be passwords, session tokens, credit cards or other data. **How prevalent is it?** Such a vulnerability is very, very prevalent. Every other day we see data leaks from all sorts of companies – be it small discussion forums or big social media websites. No one is exempt from data breaches – that’s the harsh reality we have to deal with. The impact of sensitive data exposure may vary depending on what data was exposed. For example, if the exposed data contained only email addresses, the impact would not be very high. On the other hand, if the exposed data also contained passwords, credit cards and other information, you’ve got yourself a way bigger problem. **How to protect against it?** There are a few ways developers can prevent sensitive data exposure. As usual, I will list some of them below, then talk about each of them. 
To protect against sensitive data exposure, developers can (and should) ensure that the following steps are performed: * All authentication pages should be served over SSL * Sensitive data should only be stored when necessary * Stored sensitive data should be adequately protected **Authentication pages should be served over SSL** Serving authentication pages over an unencrypted connection is bad – in order to maintain a secure connection between the website and the browser, HTTPS must be used. Serving pages with password and / or credit card input fields over HTTP will produce this on Firefox:  Chrome on the other hand behaves like this:  Even though both Firefox and Google Chrome do give out security warnings when visiting an authentication form over HTTP, such occurrences are still very common:  Warnings are not the only thing you should be concerned about, either: credentials transmitted over an unencrypted connection could be intercepted. **Sensitive data should only be stored when necessary** Sensitive data should only be stored when such actions are a necessity and it should be removed immediately when it’s no longer needed. Storing unnecessary data can waste your money and disk space because you back it up, and it also presents a security risk – the more data is stored, the more of it can be stolen. **Stored sensitive data should be adequately protected** Last but not least, if you do store sensitive data, protect it. By saying “protect it” I mean if you do store passwords, hash them – with a dedicated password hashing function such as bcrypt, not a general-purpose hash. If your organization handles credit card data, make sure your website complies with the Payment Card Industry Data Security Standard (PCI-DSS). And, if you do suffer a data breach, please let your website visitors know. 
**The recap** Though I did mention three very important security precautions that should be taken to ensure that the chances of sensitive data being exposed are minimized, the points I made are far from exhaustive – you could also add defense in depth, for example by using a Web Application Firewall (WAF) to protect your website from threats, and so on. |
| json metadata | {"tags":["security","data","php","hacking"],"image":["https://cdn.steemitimages.com/DQmbvzTbaCu5cFTVwed8CqEW7YGPGM8xhVZXkGrwYYLDAVm/image.png","https://cdn.steemitimages.com/DQmSQg5TpEouG2ZMyzogWrQkpzaTuPgKJU6MSVsRTExWXFi/image.png","https://cdn.steemitimages.com/DQmUqLkzonYs6caMGYrGUBDTuNuZHdissDB6vDxoMc6unun/image.png"],"app":"steemit/0.1","format":"markdown"} |
| parent author | |
| parent permlink | security |
| permlink | 2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure |
| title | 2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure |
| Transaction Info | Block #23119346/Trx 5e44af515885c24811ac19e72e0eb3cae325026c |
{
"block": 23119346,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "There is a lot of exposed data floating on the web. People hear about such events all the time – it seems like data breaches are becoming more and more common. \n\nWith data breaches being so prevalent, one would expect people should protect their data better. However, with many developers underestimating the importance of protecting private data, this isn’t always the case – when developers fail to adequately protect data, sensitive data exposure might occur.\n\n Sensitive data exposure is currently ranked number three in the 2017 OWASP Top 10 vulnerabilities list – that makes it a pretty significant vulnerability, and that is what I am covering today.\n\n**What is it?**\n\nSensitive data exposure is such a vulnerability that occurs when an application fails to protect sensitive information. Sensitive information can be either passwords, session tokens, credit cards or other data.\n\n**How prevalent is it?**\n\nSuch a vulnerability is very, very prevalent. Every other day we see data leaks from all sorts of companies – be it small discussion forums or big social media websites. Noone is exempt from data breaches – that’s the harsh reality we have to deal with.\n\nThe impact of sensitive data exposure may vary depending on what data was exposed. For example, if the exposed data would contain only email addresses, the impact would not be very high. \nOn the other hand, if the exposed data also contained passwords, credit cards and other information, you’ve got yourself a way bigger problem.\n\n**How to protect against it?**\n\nThere are a few ways developers can prevent sensitive data exposure. 
As usual, I will list some of them below, then talk about each of them.\n\nTo protect against sensitive data exposure, developers can (and should) ensure that the following steps are performed:\n\n * All authentication pages should be served over SSL\n * Sensitive data should only be stored when necessary\n * Stored sensitive data should be adequately protected\n\n**Authentication pages should be served over SSL**\n\nServing authentication pages over an unencrypted connection is bad – in order to maintain a secure connection between the website and the browser, HTTPS must be used.\n\nServing pages with password and / or credit card input fields over HTTP will produce this on Firefox:\n\n\nChrome on the other hand behaves like this:\n\n\n\nEven though both Firefox and Google Chrome does give out security warnings when visiting an authentication form over HTTP, such occurences are still very common:\n\n\nWarnings are not the only thing you should be concerned about too: credentials transmitted over an unencrypted connection could be intercepted.\n\n**Sensitive data should only be stored when necessary**\n\nSensitive data should only be stored when such actions are a necessity and it should be removed immediately when it’s no longer needed.\n Storing unnecessary data can waste your money and disk space by the virtue of you backing it up and it also presents a security risk – the more data is stored, the more of it can be stolen.\n\n**Stored sensitive data should be adequately protected**\n\nAt last but not least, if you do store sensitive data, protect it. By saying “protect it” I mean if you do store passwords, hash them. \nIf your organization handles credit card data, make sure your website complies with the Payment Card Industry Data Security Standard (PCI-DSS). 
And, if you do suffer a data breach, please let your website visitors know.\n\n**The recap**\n\nThough I did mention three very important security precautions that should be taken to ensure that the chances of sensitive data being exposed could be minified, the points I made are far from exhaustive – you could also implement a defense-in-depth mechanism meaning you could use a Web Application Firewall (WAF) to protect your website from threats and so on.",
"json_metadata": "{\"tags\":[\"security\",\"data\",\"php\",\"hacking\"],\"image\":[\"https://cdn.steemitimages.com/DQmbvzTbaCu5cFTVwed8CqEW7YGPGM8xhVZXkGrwYYLDAVm/image.png\",\"https://cdn.steemitimages.com/DQmSQg5TpEouG2ZMyzogWrQkpzaTuPgKJU6MSVsRTExWXFi/image.png\",\"https://cdn.steemitimages.com/DQmUqLkzonYs6caMGYrGUBDTuNuZHdissDB6vDxoMc6unun/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "security",
"permlink": "2017-owasp-top-10-for-php-developers-part-3-sensitive-data-exposure",
"title": "2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-07T17:18:15",
"trx_id": "5e44af515885c24811ac19e72e0eb3cae325026c",
"trx_in_block": 5,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @marel / tough-challenge-zg1hbmlh-n915y2018/06/06 11:32:00
cryptonvesterupvoted (100.00%) @marel / tough-challenge-zg1hbmlh-n915y
2018/06/06 11:32:00
| author | marel |
| permlink | tough-challenge-zg1hbmlh-n915y |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23083633/Trx 7f451390aa9f03acd3e52e45b758ec1ca57d8950 |
{
"block": 23083633,
"op": [
"vote",
{
"author": "marel",
"permlink": "tough-challenge-zg1hbmlh-n915y",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-06T11:32:00",
"trx_id": "7f451390aa9f03acd3e52e45b758ec1ca57d8950",
"trx_in_block": 21,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @thepholosopher / if-only-teachers-were-this-honest-zg1hbmlh-zt7292018/06/06 11:31:03
cryptonvesterupvoted (100.00%) @thepholosopher / if-only-teachers-were-this-honest-zg1hbmlh-zt729
2018/06/06 11:31:03
| author | thepholosopher |
| permlink | if-only-teachers-were-this-honest-zg1hbmlh-zt729 |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23083614/Trx 4bd2b9271f8d54ec30298d148794aef86da4ce8f |
{
"block": 23083614,
"op": [
"vote",
{
"author": "thepholosopher",
"permlink": "if-only-teachers-were-this-honest-zg1hbmlh-zt729",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-06T11:31:03",
"trx_id": "4bd2b9271f8d54ec30298d148794aef86da4ce8f",
"trx_in_block": 28,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @pikachu35 / just-chemicals-man-zg1hbmlh-4jx8v2018/06/06 11:28:57
cryptonvesterupvoted (100.00%) @pikachu35 / just-chemicals-man-zg1hbmlh-4jx8v
2018/06/06 11:28:57
| author | pikachu35 |
| permlink | just-chemicals-man-zg1hbmlh-4jx8v |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23083572/Trx e60b6d330ca7c291c5a1af8e2e2dfcb3e86d7843 |
{
"block": 23083572,
"op": [
"vote",
{
"author": "pikachu35",
"permlink": "just-chemicals-man-zg1hbmlh-4jx8v",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-06T11:28:57",
"trx_id": "e60b6d330ca7c291c5a1af8e2e2dfcb3e86d7843",
"trx_in_block": 41,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @mesutkrgln / dental-inspection-service-zg1hbmlh-69psc2018/06/06 11:28:48
cryptonvesterupvoted (100.00%) @mesutkrgln / dental-inspection-service-zg1hbmlh-69psc
2018/06/06 11:28:48
| author | mesutkrgln |
| permlink | dental-inspection-service-zg1hbmlh-69psc |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23083569/Trx 97c35966ce534860949231ea2bd77a013eb60cc3 |
{
"block": 23083569,
"op": [
"vote",
{
"author": "mesutkrgln",
"permlink": "dental-inspection-service-zg1hbmlh-69psc",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-06T11:28:48",
"trx_id": "97c35966ce534860949231ea2bd77a013eb60cc3",
"trx_in_block": 26,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @stmeme / drink-hack-zg1hbmlh-8n75z2018/06/06 11:28:45
cryptonvesterupvoted (100.00%) @stmeme / drink-hack-zg1hbmlh-8n75z
2018/06/06 11:28:45
| author | stmeme |
| permlink | drink-hack-zg1hbmlh-8n75z |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23083568/Trx 0d5fda38a6c8f6a22e87e106e29eea1da06b6b1a |
{
"block": 23083568,
"op": [
"vote",
{
"author": "stmeme",
"permlink": "drink-hack-zg1hbmlh-8n75z",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-06T11:28:45",
"trx_id": "0d5fda38a6c8f6a22e87e106e29eea1da06b6b1a",
"trx_in_block": 36,
"virtual_op": 0
}kylorenjuniorupvoted (100.00%) @cryptonvester / average-dmania-user-zg1hbmlh-8r0yv2018/06/05 18:19:18
kylorenjuniorupvoted (100.00%) @cryptonvester / average-dmania-user-zg1hbmlh-8r0yv
2018/06/05 18:19:18
| author | cryptonvester |
| permlink | average-dmania-user-zg1hbmlh-8r0yv |
| voter | kylorenjunior |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23062983/Trx 39a9c000bccb808cda57aa2f18007ddc8158b1af |
{
"block": 23062983,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "average-dmania-user-zg1hbmlh-8r0yv",
"voter": "kylorenjunior",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-05T18:19:18",
"trx_id": "39a9c000bccb808cda57aa2f18007ddc8158b1af",
"trx_in_block": 7,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @cryptonvester / average-dmania-user-zg1hbmlh-8r0yv2018/06/05 16:52:48
cryptonvesterupvoted (100.00%) @cryptonvester / average-dmania-user-zg1hbmlh-8r0yv
2018/06/05 16:52:48
| author | cryptonvester |
| permlink | average-dmania-user-zg1hbmlh-8r0yv |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #23061253/Trx 874e32032981395851e5d65a9a37a822b84b66fd |
{
"block": 23061253,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "average-dmania-user-zg1hbmlh-8r0yv",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-05T16:52:48",
"trx_id": "874e32032981395851e5d65a9a37a822b84b66fd",
"trx_in_block": 37,
"virtual_op": 0
}cryptonvesterupdated options for average-dmania-user-zg1hbmlh-8r0yv2018/06/05 16:52:45
cryptonvesterupdated options for average-dmania-user-zg1hbmlh-8r0yv
2018/06/05 16:52:45
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"dmania","weight":1000},{"account":"octav","weight":500},{"account":"rogerek","weight":500},{"account":"thegrinder","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | average-dmania-user-zg1hbmlh-8r0yv |
| Transaction Info | Block #23061252/Trx 43c7aaabaf423679139f6228f6777657f3f3395c |
{
"block": 23061252,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "dmania",
"weight": 1000
},
{
"account": "octav",
"weight": 500
},
{
"account": "rogerek",
"weight": 500
},
{
"account": "thegrinder",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "average-dmania-user-zg1hbmlh-8r0yv"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-05T16:52:45",
"trx_id": "43c7aaabaf423679139f6228f6777657f3f3395c",
"trx_in_block": 37,
"virtual_op": 0
}cryptonvesterpublished a new post: average-dmania-user-zg1hbmlh-8r0yv2018/06/05 16:52:45
cryptonvesterpublished a new post: average-dmania-user-zg1hbmlh-8r0yv
2018/06/05 16:52:45
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/average-dmania-user-zg1hbmlh-8r0yv"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-20-sad-story-a164mwc.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/average-dmania-user-zg1hbmlh-8r0yv">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","funny","simpsons","dmania"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-20-sad-story-a164mwc.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | average-dmania-user-zg1hbmlh-8r0yv |
| title | Average Dmania user |
| Transaction Info | Block #23061252/Trx 43c7aaabaf423679139f6228f6777657f3f3395c |
{
"block": 23061252,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/average-dmania-user-zg1hbmlh-8r0yv\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-20-sad-story-a164mwc.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/average-dmania-user-zg1hbmlh-8r0yv\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"funny\",\"simpsons\",\"dmania\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-20-sad-story-a164mwc.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "average-dmania-user-zg1hbmlh-8r0yv",
"title": "Average Dmania user"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-05T16:52:45",
"trx_id": "43c7aaabaf423679139f6228f6777657f3f3395c",
"trx_in_block": 37,
"virtual_op": 0
}ajuwayaupvoted (100.00%) @cryptonvester / tom-and-jerry-zg1hbmlh-786k92018/06/03 12:51:45
ajuwayaupvoted (100.00%) @cryptonvester / tom-and-jerry-zg1hbmlh-786k9
2018/06/03 12:51:45
| author | cryptonvester |
| permlink | tom-and-jerry-zg1hbmlh-786k9 |
| voter | ajuwaya |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22998854/Trx d19239da67ad55abaeb9df3ae545714f1ce83a08 |
{
"block": 22998854,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "tom-and-jerry-zg1hbmlh-786k9",
"voter": "ajuwaya",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T12:51:45",
"trx_id": "d19239da67ad55abaeb9df3ae545714f1ce83a08",
"trx_in_block": 27,
"virtual_op": 0
}chenlocusupvoted (100.00%) @cryptonvester / tom-and-jerry-zg1hbmlh-786k92018/06/03 12:42:27
chenlocusupvoted (100.00%) @cryptonvester / tom-and-jerry-zg1hbmlh-786k9
2018/06/03 12:42:27
| author | cryptonvester |
| permlink | tom-and-jerry-zg1hbmlh-786k9 |
| voter | chenlocus |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22998668/Trx d40969b8037115225f5e2f3b480f482762b8bcd7 |
{
"block": 22998668,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "tom-and-jerry-zg1hbmlh-786k9",
"voter": "chenlocus",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T12:42:27",
"trx_id": "d40969b8037115225f5e2f3b480f482762b8bcd7",
"trx_in_block": 2,
"virtual_op": 0
}2018/06/03 12:20:48
2018/06/03 12:20:48
| author | a-0-0 |
| body | if you want me to resteem your post to over 72,500 followers go here https://steemit.com/@a-0-0 |
| json metadata | {"tags":["dmania"],"links":["https://steemit.com/@a-0-0"],"app":"steemit/0.1"} |
| parent author | cryptonvester |
| parent permlink | tom-and-jerry-zg1hbmlh-786k9 |
| permlink | re-cryptonvester-tom-and-jerry-zg1hbmlh-786k9-20180603t122050050z |
| title | |
| Transaction Info | Block #22998235/Trx a0db7afb091d0e68550c565b038d355fe43044ea |
{
"block": 22998235,
"op": [
"comment",
{
"author": "a-0-0",
"body": "if you want me to resteem your post to over 72,500 followers go here https://steemit.com/@a-0-0",
"json_metadata": "{\"tags\":[\"dmania\"],\"links\":[\"https://steemit.com/@a-0-0\"],\"app\":\"steemit/0.1\"}",
"parent_author": "cryptonvester",
"parent_permlink": "tom-and-jerry-zg1hbmlh-786k9",
"permlink": "re-cryptonvester-tom-and-jerry-zg1hbmlh-786k9-20180603t122050050z",
"title": ""
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T12:20:48",
"trx_id": "a0db7afb091d0e68550c565b038d355fe43044ea",
"trx_in_block": 34,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @cryptonvester / tom-and-jerry-zg1hbmlh-786k92018/06/03 12:20:45
cryptonvesterupvoted (100.00%) @cryptonvester / tom-and-jerry-zg1hbmlh-786k9
2018/06/03 12:20:45
| author | cryptonvester |
| permlink | tom-and-jerry-zg1hbmlh-786k9 |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22998234/Trx 7be252e01795333f34f4102437c4916b96fe5a37 |
{
"block": 22998234,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "tom-and-jerry-zg1hbmlh-786k9",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T12:20:45",
"trx_id": "7be252e01795333f34f4102437c4916b96fe5a37",
"trx_in_block": 69,
"virtual_op": 0
}cryptonvesterupdated options for tom-and-jerry-zg1hbmlh-786k92018/06/03 12:20:42
cryptonvesterupdated options for tom-and-jerry-zg1hbmlh-786k9
2018/06/03 12:20:42
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"cnts","weight":500},{"account":"dmania","weight":1000},{"account":"northeast","weight":500},{"account":"vonabell","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | tom-and-jerry-zg1hbmlh-786k9 |
| Transaction Info | Block #22998233/Trx 5df99f124e706bb331507d58765609fcd0af2330 |
{
"block": 22998233,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "cnts",
"weight": 500
},
{
"account": "dmania",
"weight": 1000
},
{
"account": "northeast",
"weight": 500
},
{
"account": "vonabell",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "tom-and-jerry-zg1hbmlh-786k9"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T12:20:42",
"trx_id": "5df99f124e706bb331507d58765609fcd0af2330",
"trx_in_block": 35,
"virtual_op": 0
}cryptonvesterpublished a new post: tom-and-jerry-zg1hbmlh-786k92018/06/03 12:20:42
cryptonvesterpublished a new post: tom-and-jerry-zg1hbmlh-786k9
2018/06/03 12:20:42
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/tom-and-jerry-zg1hbmlh-786k9"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-19-innovation-yh58i74.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/tom-and-jerry-zg1hbmlh-786k9">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","cartoon","anime","onepunch"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-19-innovation-yh58i74.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | tom-and-jerry-zg1hbmlh-786k9 |
| title | Tom and Jerry |
| Transaction Info | Block #22998233/Trx 5df99f124e706bb331507d58765609fcd0af2330 |
{
"block": 22998233,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/tom-and-jerry-zg1hbmlh-786k9\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-19-innovation-yh58i74.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/tom-and-jerry-zg1hbmlh-786k9\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"cartoon\",\"anime\",\"onepunch\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-19-innovation-yh58i74.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "tom-and-jerry-zg1hbmlh-786k9",
"title": "Tom and Jerry"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T12:20:42",
"trx_id": "5df99f124e706bb331507d58765609fcd0af2330",
"trx_in_block": 35,
"virtual_op": 0
}2018/06/03 09:02:27
2018/06/03 09:02:27
| author | cryptonvester |
| permlink | 2017-owasp-top-10-for-php-developers-part-2-broken-authentication-and-session-management |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22994268/Trx 19939ac520096294c4c2f68737e1fe1943db727f |
{
"block": 22994268,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "2017-owasp-top-10-for-php-developers-part-2-broken-authentication-and-session-management",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T09:02:27",
"trx_id": "19939ac520096294c4c2f68737e1fe1943db727f",
"trx_in_block": 0,
"virtual_op": 0
}2018/06/03 09:01:42
2018/06/03 09:01:42
| author | cryptonvester |
| body |  While browsing the web, you click on a link. The link leads you to a page like this:  Looks like a usual login page, right? Let’s try logging in.  You go off to Discord and your friend asks for the URL of the login page, you provide him with this:  Your friend clicks on the URL and..  Wait – he’s logged in? He did not authenticate, how is this possible? To understand why this happened, we need to jump back in time and remember the URL that was sent. The URL looked like this:  Including a session ID in the URL might not seem very significant at first, but think about it: what if this was your bank? You just sent off a URL that allows access to your account with money in it. Not a very fun scenario, is it? Such a flaw is known as Broken Authentication and Session Management and it is #2 on the 2017 OWASP Top 10. In this and the upcoming blog posts I’ll try to cover all of the 2017 OWASP Top 10 vulnerabilities. I will not be covering injection because I already did that in a previous blog post, so I will start from flaw number two. **What is it?** Such a vulnerability can allow an attacker to capture or bypass the authentication method that is used by a web application. An application might be vulnerable to broken authentication and session management if: * The URL displays a session ID. * The session does not expire. * Sensitive data is sent over an unencrypted connection. * The credentials that are used to log in to a web application are predictable. * The passwords are stored in plain text without any protection in place (without hashing and / or salting). I’ll go through each of these scenarios one by one beginning from the top. **Displaying the session ID in the URL** This is so bad that I can’t even fathom it. Displaying a session ID in the URL allows anyone – anyone – to hijack your session by simply copying the URL. What’s the risk, you ask? Refer to the example above. 
This is the most common way Broken Authentication and Session Management is exploited. It’s easy to patch, yet, according to the 2017 OWASP top 10 list, such a flaw is indeed prevalent. **Failing to terminate a session** Failing to terminate a session is another way such a vulnerability can be introduced – having a session which does not expire could allow an attacker to gain unauthorized access to a web application. You visit a café, log in to your bank account and leave your PC unattended while you go talk to the waitress, come back 5 minutes later and the next thing you see is that you have no money – because your bank did not terminate sessions, someone walked up to your PC, switched to a browser tab and stole your money. **Sending sensitive data over an unencrypted connection** Any sensitive information that is being sent to a web application should be encrypted, meaning it should be sent through the HTTPS protocol instead of using HTTP. Sending sensitive data over HTTP introduces a web application to a number of risks, most notably, eavesdropping on communications – if your login information is sent over HTTP and your Wi-Fi connection is being monitored, a potential attacker could intercept the traffic. **Predictable login credentials** If a user is using predictable credentials to log into his account, the account could be easily compromised. Instead, use strong and unique passwords everywhere – each of your passwords should contain uppercase, lowercase letters, numbers and symbols. It should also be noted that here, password managers are enormously helpful – if you’re not yet using one, start doing it now. **Insecure password storage** Strong passwords are important, but storing them securely is enormously important too. People might use very strong passwords, but if they are stored in plain text the security of a service could be compromised by anyone just having a peek at them. 
If you must store passwords, use a strong hashing algorithm like BCrypt, and, if you have many users, also salt the passwords (in practice a unique salt per password is good practice regardless of user count, and bcrypt already generates and stores one for you). A salt is used as an additional input to a hash – it makes cracking large volumes of passwords harder for an attacker, since each hash has to be attacked on its own rather than against a precomputed table. **Wrap-up** Broken Authentication and Session Management is one of the common weaknesses found in modern-day software. The risks of such a vulnerability depend on a web application and what privileges a user has when logged in, and the consequences of such a flaw being exploited can range from an attacker viewing data he is not authorized to view to you getting your identity stolen – even though such a vulnerability might not seem very severe at first, it is not something that should be taken lightly. |
| json metadata | {"tags":["vulnerability","owasp","web","hacking","security"],"image":["https://cdn.steemitimages.com/DQmTB3GYzywdwCEr6Nc6QjbHKtAQf9dVvtLeZkMJ1Jhiosb/image.png","https://cdn.steemitimages.com/DQmavkhQVE2kbrUE4WBQY7c75VVYB9tgRo5FKXbB4TP7AqB/image.png","https://cdn.steemitimages.com/DQmZteMSUSQzF375pdJNZjiFL8QHcwZJHBJQYWMeMbMXYuU/image.png","https://cdn.steemitimages.com/DQmQZEN85JRDJ4uUnVF1eRtQDwJMmW9Hq67HuYEYxwaLEb2/image.png","https://cdn.steemitimages.com/DQmTHHwpaiwDqZxASDZR5XWzRqedea6eHQfSf8oKSh4PmM6/image.png","https://cdn.steemitimages.com/DQmU7p5LxxySFyxtxiE2PZa9Pbg9Z8pyBR8G1hnVtdGw1mF/image.png"],"app":"steemit/0.1","format":"markdown"} |
| parent author | |
| parent permlink | vulnerability |
| permlink | 2017-owasp-top-10-for-php-developers-part-2-broken-authentication-and-session-management |
| title | 2017 OWASP Top 10 for PHP Developers Part 2: Broken Authentication and Session Management |
| Transaction Info | Block #22994253/Trx 0dc0862f376d02a3de153e62854f2f90edd298fe |
{
"block": 22994253,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "\n\nWhile browsing the web, you click on a link. The link leads you to a page like this:\n\n\nLooks like a usual login page, right? Let’s try logging in.\n\n\nYou go off to Discord and your friend asks for the URL of the login page, you provide him with this:\n\nYour friend clicks on the URL and..\n\n\n\nWait – he’s logged in? He did not authenticate, how is this possible?\n\nTo understand why this happened, we need to jump back in time and remember the URL that was sent. The URL looked like this:\n\n\nIncluding a session ID in the URL might not seem very significant at first, but think about it: what if this was your bank? You just sent off a URL that allows access to your account with money in it. Not a very fun scenario, is it?\n\nSuch a flaw is known as Broken Authentication and Session Management and it is #2 on the 2017 OWASP Top 10.\n\nIn this and the upcoming blog posts I’ll try to cover all of the 2017 OWASP Top 10 vulnerabilities. I will not be covering injection because I already did that in a previous blog post, so I will start from a flaw number two.\n\n**What is it?**\n\nSuch a vulnerability can allow an attacker to capture or bypass the authentication method that is used by a web application. An application might be vulnerable to broken authentication and session management if:\n\n * The URL displays a session ID.\n * The session does not expire.\n * Sensitive data is sent over an unencrypted connection.\n * The credentials that are used to login to a web application are predictable.\n * The passwords are stored in plain text without any protection in place (without hashing and / or salting).\n\nI’ll go through each of these scenarios one by one beginning from the top.\n\n**Displaying the session ID in the URL**\n\nThis is so bad that I can’t even fathom it. Displaying a session ID in the URL allows anyone – anyone – to hijack your session by simply copying the URL. What’s the risk you ask? 
Refer to the example above.\n\nThis is the most common way Broken Authentication and Session Management is exploited. It’s easy to patch, yet, according to the 2017 OWASP top 10 list, such a flaw is indeed prevalent.\n\n**Failing to terminate a session**\n\nFailing to terminate a session is another way of how such a vulnerability could be introduced – having a session which does not expire could allow an attacker to gain unauthorized access to a web application.\n\nYou visit a café, log in to your bank account and leave your PC unattended while you go talk to the waitress, come back 5 minutes later and the next thing you see is that you have no money – because your bank did not terminate sessions, someone walked up to your PC, switched to a browser tab and stole your money.\n\n**Sending sensitive data over an unencrypted connection**\n\nAny sensitive information that is being sent to a web application should be encrypted, meaning it should be sent through the HTTPS protocol instead of using HTTP.\n\nSending sensitive data over HTTP introduces a web application to a number of risks, most notably, eavesdropping on communications – if your login information is sent over HTTP and your Wi-Fi connection is being monitored, a potential attacker could intercept the traffic.\n\n**Predictable login credentials**\n\nIf a user is using predictable credentials to log into his account, the account could be easily compromised. \nInstead, use strong and unique passwords everywhere – each of your passwords should contain uppercase, lowercase letters, numbers and symbols.\n It should also be noted that on this occasion, password managers are enormously helpful – if you’re not yet using one, start doing it now.\n\n**Insecure password storage**\n\nStrong passwords are important, but storing them securely is enormously important too. 
People might use very strong passwords, but if they are stored in plain text the security of a service could be compromised by anyone just having a peek at them.\n\nIf you must store passwords, use a strong hashing algorithm like BCrypt, and, if you have many users, also salt the passwords. A salt is used as an additional input to a hash – it makes cracking large volumes of passwords harder for an attacker.\n\n**Wrap-up**\n\nBroken Authentication and Session Management is one of the common weaknesses found in modern-day software.\n The risks of such a vulnerability depend on a web application and what privileges a user has when logged in, and the consequences of such a flaw being exploited can range from an attacker viewing data he is not authorized to view to you getting your identity stolen – even though such a vulnerability might not seem very severe at first, it is not something that should be taken lightly.",
"json_metadata": "{\"tags\":[\"vulnerability\",\"owasp\",\"web\",\"hacking\",\"security\"],\"image\":[\"https://cdn.steemitimages.com/DQmTB3GYzywdwCEr6Nc6QjbHKtAQf9dVvtLeZkMJ1Jhiosb/image.png\",\"https://cdn.steemitimages.com/DQmavkhQVE2kbrUE4WBQY7c75VVYB9tgRo5FKXbB4TP7AqB/image.png\",\"https://cdn.steemitimages.com/DQmZteMSUSQzF375pdJNZjiFL8QHcwZJHBJQYWMeMbMXYuU/image.png\",\"https://cdn.steemitimages.com/DQmQZEN85JRDJ4uUnVF1eRtQDwJMmW9Hq67HuYEYxwaLEb2/image.png\",\"https://cdn.steemitimages.com/DQmTHHwpaiwDqZxASDZR5XWzRqedea6eHQfSf8oKSh4PmM6/image.png\",\"https://cdn.steemitimages.com/DQmU7p5LxxySFyxtxiE2PZa9Pbg9Z8pyBR8G1hnVtdGw1mF/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "vulnerability",
"permlink": "2017-owasp-top-10-for-php-developers-part-2-broken-authentication-and-session-management",
"title": "2017 OWASP Top 10 for PHP Developers Part 2: Broken Authentication and Session Management"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-03T09:01:42",
"trx_id": "0dc0862f376d02a3de153e62854f2f90edd298fe",
"trx_in_block": 19,
"virtual_op": 0
}thevillanupvoted (0.50%) @cryptonvester / a-creative-tittle-zg1hbmlh-2twr82018/06/02 13:40:21
thevillanupvoted (0.50%) @cryptonvester / a-creative-tittle-zg1hbmlh-2twr8
2018/06/02 13:40:21
| author | cryptonvester |
| permlink | a-creative-tittle-zg1hbmlh-2twr8 |
| voter | thevillan |
| weight | 50 (0.50%) |
| Transaction Info | Block #22971036/Trx f5f49544e90f8367e791f4fb9a889fff3a85ce11 |
{
"block": 22971036,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "a-creative-tittle-zg1hbmlh-2twr8",
"voter": "thevillan",
"weight": 50
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T13:40:21",
"trx_id": "f5f49544e90f8367e791f4fb9a889fff3a85ce11",
"trx_in_block": 23,
"virtual_op": 0
}2018/06/02 13:39:33
2018/06/02 13:39:33
| author | a-0-0 |
| body | Get a $9.60 Upvote and Your Post Resteemed to My 2 Accounts @a-0-0 & @a-a-a with 72,500+ Followers. Send 5 SBD with Your post URL in MEMO to @a-0-0 |
| json metadata | {"tags":["dmania"],"users":["a-0-0","a-a-a"],"app":"steemit/0.1"} |
| parent author | cryptonvester |
| parent permlink | a-creative-tittle-zg1hbmlh-2twr8 |
| permlink | re-cryptonvester-a-creative-tittle-zg1hbmlh-2twr8-20180602t133933052z |
| title | |
| Transaction Info | Block #22971020/Trx 81e7a7a4d45f5ce938bfe737d86844e9a4ea09f6 |
{
"block": 22971020,
"op": [
"comment",
{
"author": "a-0-0",
"body": "Get a $9.60 Upvote and Your Post Resteemed to My 2 Accounts @a-0-0 & @a-a-a with 72,500+ Followers. Send 5 SBD with Your post URL in MEMO to @a-0-0",
"json_metadata": "{\"tags\":[\"dmania\"],\"users\":[\"a-0-0\",\"a-a-a\"],\"app\":\"steemit/0.1\"}",
"parent_author": "cryptonvester",
"parent_permlink": "a-creative-tittle-zg1hbmlh-2twr8",
"permlink": "re-cryptonvester-a-creative-tittle-zg1hbmlh-2twr8-20180602t133933052z",
"title": ""
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T13:39:33",
"trx_id": "81e7a7a4d45f5ce938bfe737d86844e9a4ea09f6",
"trx_in_block": 12,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @cryptonvester / a-creative-tittle-zg1hbmlh-2twr82018/06/02 13:39:15
cryptonvesterupvoted (100.00%) @cryptonvester / a-creative-tittle-zg1hbmlh-2twr8
2018/06/02 13:39:15
| author | cryptonvester |
| permlink | a-creative-tittle-zg1hbmlh-2twr8 |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22971014/Trx da0ab5e488697e215c5665ef42dd1e7c2b39862a |
{
"block": 22971014,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "a-creative-tittle-zg1hbmlh-2twr8",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T13:39:15",
"trx_id": "da0ab5e488697e215c5665ef42dd1e7c2b39862a",
"trx_in_block": 25,
"virtual_op": 0
}cryptonvesterupdated options for a-creative-tittle-zg1hbmlh-2twr82018/06/02 13:39:12
cryptonvesterupdated options for a-creative-tittle-zg1hbmlh-2twr8
2018/06/02 13:39:12
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"cnts","weight":500},{"account":"dmania","weight":1000},{"account":"elgeko","weight":500},{"account":"vonabell","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | a-creative-tittle-zg1hbmlh-2twr8 |
| Transaction Info | Block #22971013/Trx a3fdb4d106ecdcfb413e74e679dfee3af20905ae |
{
"block": 22971013,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "cnts",
"weight": 500
},
{
"account": "dmania",
"weight": 1000
},
{
"account": "elgeko",
"weight": 500
},
{
"account": "vonabell",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "a-creative-tittle-zg1hbmlh-2twr8"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T13:39:12",
"trx_id": "a3fdb4d106ecdcfb413e74e679dfee3af20905ae",
"trx_in_block": 26,
"virtual_op": 0
}cryptonvesterpublished a new post: a-creative-tittle-zg1hbmlh-2twr82018/06/02 13:39:12
cryptonvesterpublished a new post: a-creative-tittle-zg1hbmlh-2twr8
2018/06/02 13:39:12
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/a-creative-tittle-zg1hbmlh-2twr8"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-18-plj50yo.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/a-creative-tittle-zg1hbmlh-2twr8">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","funny","lazy","ye"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-18-plj50yo.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | a-creative-tittle-zg1hbmlh-2twr8 |
| title | A creative tittle |
| Transaction Info | Block #22971013/Trx a3fdb4d106ecdcfb413e74e679dfee3af20905ae |
{
"block": 22971013,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/a-creative-tittle-zg1hbmlh-2twr8\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-18-plj50yo.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/a-creative-tittle-zg1hbmlh-2twr8\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"funny\",\"lazy\",\"ye\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-18-plj50yo.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "a-creative-tittle-zg1hbmlh-2twr8",
"title": "A creative tittle"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T13:39:12",
"trx_id": "a3fdb4d106ecdcfb413e74e679dfee3af20905ae",
"trx_in_block": 26,
"virtual_op": 0
}thevillanupvoted (0.50%) @cryptonvester / other-uses-of-htaccess-making-a-htaccess-based-waf2018/06/02 12:59:33
thevillanupvoted (0.50%) @cryptonvester / other-uses-of-htaccess-making-a-htaccess-based-waf
2018/06/02 12:59:33
| author | cryptonvester |
| permlink | other-uses-of-htaccess-making-a-htaccess-based-waf |
| voter | thevillan |
| weight | 50 (0.50%) |
| Transaction Info | Block #22970221/Trx e6cd9cc7705db56e99aac878794ea87cda44adef |
{
"block": 22970221,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "other-uses-of-htaccess-making-a-htaccess-based-waf",
"voter": "thevillan",
"weight": 50
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T12:59:33",
"trx_id": "e6cd9cc7705db56e99aac878794ea87cda44adef",
"trx_in_block": 30,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @cryptonvester / other-uses-of-htaccess-making-a-htaccess-based-waf2018/06/02 12:57:48
cryptonvesterupvoted (100.00%) @cryptonvester / other-uses-of-htaccess-making-a-htaccess-based-waf
2018/06/02 12:57:48
| author | cryptonvester |
| permlink | other-uses-of-htaccess-making-a-htaccess-based-waf |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22970186/Trx 7bc6fc86479a8e2f869ab30d1b2c9e197cf0dfe5 |
{
"block": 22970186,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "other-uses-of-htaccess-making-a-htaccess-based-waf",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T12:57:48",
"trx_id": "7bc6fc86479a8e2f869ab30d1b2c9e197cf0dfe5",
"trx_in_block": 12,
"virtual_op": 0
}cryptonvesterpublished a new post: other-uses-of-htaccess-making-a-htaccess-based-waf2018/06/02 12:57:36
cryptonvesterpublished a new post: other-uses-of-htaccess-making-a-htaccess-based-waf
2018/06/02 12:57:36
| author | cryptonvester |
| body | If you’re a web developer, you’re probably familiar with .htaccess. If you’re not, let me give you a quick introduction: .htaccess is a part of Apache. A .htaccess file provides a way to make configuration changes on a per-directory basis without needing to edit Apache’s main configuration files. .htaccess is useful for many purposes: it can be used for URL rewriting, IP address blocking, restricting access to certain directories and so on. What I’m going to focus on today is probably a bit unusual – I will try to explain how to make a .htaccess-based Web Application Firewall (WAF). I would not recommend this approach if you want to create your own Web Application Firewall – you’re better off using a language like PHP or whatever you’re comfortable with – but it’s certainly possible. **But .htaccess..** I know, I know. That is not the main purpose of .htaccess, but hey, we all want to try something new at some point in time, don’t we? So, without further ado, I’ll jump straight into it. **The functionality** Our small, .htaccess-based WAF will detect a potentially malicious attack attempt, block it and log the attempt to a database. We will need a .htaccess file, a WAF.php file and an Index.php file (the file names can be anything, I chose WAF and Index for simplicity). I assume you created the files already, so here’s what we will do – jump over to your .htaccess, turn RewriteEngine on and paste this, this will be our first WAF rule:  Wait..what?  Now, since we have this rule in our .htaccess, we should probably try to create an intentional Cross-Site Scripting (XSS) vulnerability and try to trigger it somewhere using a [script] tag to see if our small WAF blocks the attempt, right?  Wait – the .htaccess should have stopped the XSS but it still got triggered? How? The answer is very simple: that happened because we forgot to tell our .htaccess to actually block the attempt.. 
Blocking the attempt is pretty easy: open your .htaccess and paste this line after all your WAF rules:  Then, create a WAF.php file, disallow direct access to it (the last thing you want is to log legitimate requests as attacks..) and log the attempts to a database. Let’s use our payload again and see what happens:  Here we go – that’s a lot better! But wait – we also specified an [OR] parameter – that means we should include at least one more rule, so let’s do that now:  This way, you can specify multiple keywords that will get blocked without copying and pasting the same line and then modifying it which is an extremely good thing. One thing that should be noted is that the firewall will only block malicious GET requests – POST requests will remain unfiltered. **IP blacklisting** .htaccess also lets you block IP addresses from accessing your website. To accomplish this, open your .htaccess and add a rule like the one shown below:  There may be occasions where you would want to deny only specific IP addresses while granting access to others:  **Denying access to files and directories** At times, you might want to deny access to specific files such as the configuration file. This can be accomplished by adding the following to your .htaccess:  The same can be applied to directories:  Granted, you could create a .htaccess file in the directory you wish to protect and disallow IP addresses from accessing it as shown above too. **Summary** .htaccess isn’t only used for restricting access to directories – when used properly, it can be turned into an extremely powerful tool that can be used to achieve a variety of goals – from forcing your website to load securely to functioning as a Web Application Firewall. That being said, .htaccess has other use cases too – these will be covered in the upcoming articles, perhaps. |
| json metadata | {"tags":["hacking","waf","web","application","ip"],"image":["https://cdn.steemitimages.com/DQmQRcPdP6vnadL4938XXHKACR78C3pgoR7RQZQgpUo1rrP/image.png","https://cdn.steemitimages.com/DQmUE7mjtDw9egFiAcLu9WwsNtniqLAWp3JKz8fSjQQzuNE/image.png","https://cdn.steemitimages.com/DQmS5Gdbp3T4uNQKcYjMvjBeisri7fEn7966yLcVEWTBhfo/image.png","https://cdn.steemitimages.com/DQmYBuzFXFFMocem7ScrvFnpvfawk4vgqH4dkU6fHontCzs/image.png","https://cdn.steemitimages.com/DQmPrD8fPRRMzdxiFum8zvgYTNQoMZn6twA3TyPBMYvN4me/image.png","https://cdn.steemitimages.com/DQmc1EP58ceN9mhdekfrS1777kHCaptZNJ91T991zvo2zq7/image.png","https://cdn.steemitimages.com/DQmWYX1BELQ1dAkYjgH9sLdJSVzqvFR3n5uh67ovywTX4RR/image.png","https://cdn.steemitimages.com/DQmNVC2LAPtGLrVax7KWJxN6xVyFfXKMW42me7a8stNZN1j/image.png","https://cdn.steemitimages.com/DQmVFFC3vKaRjqt6uUZjNAXbZC39gjFaYfobgqgZJxW4oXf/image.png","https://cdn.steemitimages.com/DQmT4PFLVe2xfNt7LEwkVAzufYieEdfLva1VmTkTocXnGx7/image.png"],"app":"steemit/0.1","format":"markdown"} |
| parent author | |
| parent permlink | hacking |
| permlink | other-uses-of-htaccess-making-a-htaccess-based-waf |
| title | Other uses of .htaccess: Making a .htaccess-based WAF |
| Transaction Info | Block #22970182/Trx f0ec010e7c71f7b79c9666fd00e9a0ecdc5a339e |
{
"block": 22970182,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "If you’re a web developer, you’re probably fammiliar with .htaccess. \nIf you’re not, let me give you a quick introduction: .htaccess is a part of Apache.\n A .htaccess file provides a way to make configuration changes on a per-directory basis without needing to edit Apache’s main configuration files. \n.htaccess is useful for many purposes: it can be used for URL rewriting, IP address blocking, restricting access to certain directories and so on.\n\nWhat I’m going to focus on today is probably a bit unusual – I will try to explain how to make a .htaccess-based Web Application Firewall (WAF). \nI would not recommend this approach if you want to create your own Web Application Firewall – you’re better off using a language like PHP or whatever you’re comfortable with – but it’s certainly possible.\n\n**But .htaccess..**\n\nI know, I know. That is not the main purpose of .htaccess, but hey, we all want to try something new at some point in time, don’t we? So, without further ado, I’ll jump straight into it.\n\n**The functionality**\n\nOur small, .htaccess-based WAF will detect a potentially malicious attack attempt, block it and log the attempt to a database. We will need an .htaccess file, a WAF.php file and an Index.php file (the file names can be anything, I chose WAF and Index for simplicity).\n\nI assume you created the files already, so here’s what we will do – jump over to your .htaccess, turn RewriteEngine on and paste this, this will be our first WAF rule:\n\n\nWait..what?\n \n\nNow, since we have this rule in our .htaccess, we should probably try to create an intentional Cross-Site Scripting (XSS) vulnerability and try to trigger it somewhere using a [script] tag to see if our small WAF blocks the attempt, right?\n\n\nWait – the .htaccess should have stopped the XSS but it still got triggered? 
How?\n\nThe answer is very simple: that happened because we forgot to tell our .htaccess to actually block the attempt..\n\nBlocking the attempt is pretty easy: open your .htaccess and paste this line after all your WAF rules:\n\n\n\nThen, create a WAF.php file, disallow direct access to it (the last thing you want is to log legitimate requests as attacks..) and log the attempts to a database. Let’s use our payload again and see what happens:\n\n\n\nHere we go – that’s a lot better!\n\nBut wait – we also specified an [OR] parameter – that means we should include at least one more rule, so let’s do that now:\n\n \n\nThis way, you can specify multiple keywords that will get blocked without copying and pasting the same line and then modifying it which is an extremely good thing.\n\nOne thing that should be noted is that the firewall will only block malicious GET requests – POST requests will remain unfiltered.\n\n**IP blacklisting**\n\n.htaccess also lets you block IP addresses from accessing your website. To accomplish this, open your .htaccess and add a rule like the one shown below:\n\n\n\nThere may be occasions where you would want to deny only specific IP addresses while granting access to others:\n\n\n\n**Denying access to files and directories**\n\nAt times, you might want to deny access to specific files such as the configuration file. This can be accomplished by adding the following to your .htaccess:\n\n\n\nThe same can be applied to directories:\n\n\nGranted, you could create a .htaccess file in the directory you wish to protect and disallow IP addresses from accessing it as shown above too.\n\n**Summary**\n\n.htaccess isn’t only used for restricting access to directories – when used properly, it can be turned into an extremely powerful tool that can be used to achieve a variety of goals – from forcing your website to load securely to functioning as a Web Application Firewall. 
\nThat being said, .htaccess has other use cases too – these will be covered in the upcoming articles, perhaps.",
"json_metadata": "{\"tags\":[\"hacking\",\"waf\",\"web\",\"application\",\"ip\"],\"image\":[\"https://cdn.steemitimages.com/DQmQRcPdP6vnadL4938XXHKACR78C3pgoR7RQZQgpUo1rrP/image.png\",\"https://cdn.steemitimages.com/DQmUE7mjtDw9egFiAcLu9WwsNtniqLAWp3JKz8fSjQQzuNE/image.png\",\"https://cdn.steemitimages.com/DQmS5Gdbp3T4uNQKcYjMvjBeisri7fEn7966yLcVEWTBhfo/image.png\",\"https://cdn.steemitimages.com/DQmYBuzFXFFMocem7ScrvFnpvfawk4vgqH4dkU6fHontCzs/image.png\",\"https://cdn.steemitimages.com/DQmPrD8fPRRMzdxiFum8zvgYTNQoMZn6twA3TyPBMYvN4me/image.png\",\"https://cdn.steemitimages.com/DQmc1EP58ceN9mhdekfrS1777kHCaptZNJ91T991zvo2zq7/image.png\",\"https://cdn.steemitimages.com/DQmWYX1BELQ1dAkYjgH9sLdJSVzqvFR3n5uh67ovywTX4RR/image.png\",\"https://cdn.steemitimages.com/DQmNVC2LAPtGLrVax7KWJxN6xVyFfXKMW42me7a8stNZN1j/image.png\",\"https://cdn.steemitimages.com/DQmVFFC3vKaRjqt6uUZjNAXbZC39gjFaYfobgqgZJxW4oXf/image.png\",\"https://cdn.steemitimages.com/DQmT4PFLVe2xfNt7LEwkVAzufYieEdfLva1VmTkTocXnGx7/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "hacking",
"permlink": "other-uses-of-htaccess-making-a-htaccess-based-waf",
"title": "Other uses of .htaccess: Making a .htaccess-based WAF"
}
],
"op_in_trx": 0,
"timestamp": "2018-06-02T12:57:36",
"trx_id": "f0ec010e7c71f7b79c9666fd00e9a0ecdc5a339e",
"trx_in_block": 19,
"virtual_op": 0
}esme-svhupvoted (16.00%) @cryptonvester / cat-zg1hbmlh-orzx22018/05/29 16:28:36
esme-svhupvoted (16.00%) @cryptonvester / cat-zg1hbmlh-orzx2
2018/05/29 16:28:36
| author | cryptonvester |
| permlink | cat-zg1hbmlh-orzx2 |
| voter | esme-svh |
| weight | 1600 (16.00%) |
| Transaction Info | Block #22859240/Trx 8a21b29cf6ac08013bd430ebabe443717966eaa1 |
{
"block": 22859240,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "cat-zg1hbmlh-orzx2",
"voter": "esme-svh",
"weight": 1600
}
],
"op_in_trx": 0,
"timestamp": "2018-05-29T16:28:36",
"trx_id": "8a21b29cf6ac08013bd430ebabe443717966eaa1",
"trx_in_block": 8,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @cryptonvester / cat-zg1hbmlh-orzx22018/05/29 15:40:36
cryptonvesterupvoted (100.00%) @cryptonvester / cat-zg1hbmlh-orzx2
2018/05/29 15:40:36
| author | cryptonvester |
| permlink | cat-zg1hbmlh-orzx2 |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22858280/Trx 67cef8840863475999f2ff71d328d204903bec72 |
{
"block": 22858280,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "cat-zg1hbmlh-orzx2",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-05-29T15:40:36",
"trx_id": "67cef8840863475999f2ff71d328d204903bec72",
"trx_in_block": 39,
"virtual_op": 0
}cryptonvesterupdated options for cat-zg1hbmlh-orzx22018/05/29 15:40:33
cryptonvesterupdated options for cat-zg1hbmlh-orzx2
2018/05/29 15:40:33
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"cnts","weight":500},{"account":"dmania","weight":1000},{"account":"mat1973","weight":500},{"account":"vonabell","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | cat-zg1hbmlh-orzx2 |
| Transaction Info | Block #22858279/Trx b47a67bbcf29d6946b31c917bd2dbedfb8c7fe11 |
{
"block": 22858279,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "cnts",
"weight": 500
},
{
"account": "dmania",
"weight": 1000
},
{
"account": "mat1973",
"weight": 500
},
{
"account": "vonabell",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "cat-zg1hbmlh-orzx2"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-29T15:40:33",
"trx_id": "b47a67bbcf29d6946b31c917bd2dbedfb8c7fe11",
"trx_in_block": 4,
"virtual_op": 0
}cryptonvesterpublished a new post: cat-zg1hbmlh-orzx22018/05/29 15:40:33
cryptonvesterpublished a new post: cat-zg1hbmlh-orzx2
2018/05/29 15:40:33
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/cat-zg1hbmlh-orzx2"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-17-catholic-g4rgkr4.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/cat-zg1hbmlh-orzx2">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","funny","cat","catholic"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-17-catholic-g4rgkr4.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | cat-zg1hbmlh-orzx2 |
| title | Cat |
| Transaction Info | Block #22858279/Trx b47a67bbcf29d6946b31c917bd2dbedfb8c7fe11 |
{
"block": 22858279,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/cat-zg1hbmlh-orzx2\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-17-catholic-g4rgkr4.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/cat-zg1hbmlh-orzx2\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"funny\",\"cat\",\"catholic\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-17-catholic-g4rgkr4.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "cat-zg1hbmlh-orzx2",
"title": "Cat"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-29T15:40:33",
"trx_id": "b47a67bbcf29d6946b31c917bd2dbedfb8c7fe11",
"trx_in_block": 4,
"virtual_op": 0
}steemdelegated 18.529 SP to @cryptonvester2018/05/28 15:44:36
steemdelegated 18.529 SP to @cryptonvester
2018/05/28 15:44:36
| delegatee | cryptonvester |
| delegator | steem |
| vesting shares | 30134.452143 VESTS |
| Transaction Info | Block #22829563/Trx 35363e40677e5fea1c11db534d8c3f42e3ed513f |
{
"block": 22829563,
"op": [
"delegate_vesting_shares",
{
"delegatee": "cryptonvester",
"delegator": "steem",
"vesting_shares": "30134.452143 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T15:44:36",
"trx_id": "35363e40677e5fea1c11db534d8c3f42e3ed513f",
"trx_in_block": 67,
"virtual_op": 0
}youngogmarqsupvoted (0.02%) @cryptonvester / an-old-ticket-system-security-analysis2018/05/28 15:04:51
youngogmarqsupvoted (0.02%) @cryptonvester / an-old-ticket-system-security-analysis
2018/05/28 15:04:51
| author | cryptonvester |
| permlink | an-old-ticket-system-security-analysis |
| voter | youngogmarqs |
| weight | 2 (0.02%) |
| Transaction Info | Block #22828768/Trx c7e320e9e1fcf4e2293c919a2a5f7e38aa536e2f |
{
"block": 22828768,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "an-old-ticket-system-security-analysis",
"voter": "youngogmarqs",
"weight": 2
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T15:04:51",
"trx_id": "c7e320e9e1fcf4e2293c919a2a5f7e38aa536e2f",
"trx_in_block": 85,
"virtual_op": 0
}smartmediagroupupvoted (2.25%) @cryptonvester / an-old-ticket-system-security-analysis2018/05/28 15:03:06
smartmediagroupupvoted (2.25%) @cryptonvester / an-old-ticket-system-security-analysis
2018/05/28 15:03:06
| author | cryptonvester |
| permlink | an-old-ticket-system-security-analysis |
| voter | smartmediagroup |
| weight | 225 (2.25%) |
| Transaction Info | Block #22828733/Trx 583e0553c18cf248cab95519e592bac129b31384 |
{
"block": 22828733,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "an-old-ticket-system-security-analysis",
"voter": "smartmediagroup",
"weight": 225
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T15:03:06",
"trx_id": "583e0553c18cf248cab95519e592bac129b31384",
"trx_in_block": 11,
"virtual_op": 0
}cryptonvesterclaimed reward balance: 0.005 STEEM, 0.190 SBD, 0.102 SP2018/05/28 14:46:03
cryptonvesterclaimed reward balance: 0.005 STEEM, 0.190 SBD, 0.102 SP
2018/05/28 14:46:03
| account | cryptonvester |
| reward sbd | 0.190 SBD |
| reward steem | 0.005 STEEM |
| reward vests | 165.104172 VESTS |
| Transaction Info | Block #22828392/Trx bd49c7fffcbe2a91f0f0e7b8b2b886f319c1934a |
{
"block": 22828392,
"op": [
"claim_reward_balance",
{
"account": "cryptonvester",
"reward_sbd": "0.190 SBD",
"reward_steem": "0.005 STEEM",
"reward_vests": "165.104172 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T14:46:03",
"trx_id": "bd49c7fffcbe2a91f0f0e7b8b2b886f319c1934a",
"trx_in_block": 18,
"virtual_op": 0
}cryptonvesterunfollowed @initforthemoney2018/05/28 14:45:36
cryptonvesterunfollowed @initforthemoney
2018/05/28 14:45:36
| id | follow |
| json | ["follow",{"follower":"cryptonvester","following":"initforthemoney","what":[]}] |
| required auths | [] |
| required posting auths | ["cryptonvester"] |
| Transaction Info | Block #22828383/Trx e5da5fb2eede5fc52832f8f5998d4887b5f45c5f |
{
"block": 22828383,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"cryptonvester\",\"following\":\"initforthemoney\",\"what\":[]}]",
"required_auths": [],
"required_posting_auths": [
"cryptonvester"
]
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T14:45:36",
"trx_id": "e5da5fb2eede5fc52832f8f5998d4887b5f45c5f",
"trx_in_block": 5,
"virtual_op": 0
}cryptonvesterupvoted (100.00%) @cryptonvester / an-old-ticket-system-security-analysis2018/05/28 14:40:30
cryptonvesterupvoted (100.00%) @cryptonvester / an-old-ticket-system-security-analysis
2018/05/28 14:40:30
| author | cryptonvester |
| permlink | an-old-ticket-system-security-analysis |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22828281/Trx 3fd934d1a461ec77c70fa18689e5b6da94c17ff4 |
{
"block": 22828281,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "an-old-ticket-system-security-analysis",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T14:40:30",
"trx_id": "3fd934d1a461ec77c70fa18689e5b6da94c17ff4",
"trx_in_block": 34,
"virtual_op": 0
}cryptonvesterpublished a new post: an-old-ticket-system-security-analysis2018/05/28 14:39:57
cryptonvesterpublished a new post: an-old-ticket-system-security-analysis
2018/05/28 14:39:57
| author | cryptonvester |
| body | Since I started building websites a few years ago, I’ve created a few projects. Some of them never saw daylight, some of them were deleted upon creation, some of them still reside in my project archive. When I was trawling through the archive a few days ago, I came across one of them. It was a ticket system I first made back in April 2016 – the whole project was dubbed a “Secure Ticket System” so it instantly caught my attention. I just had to take a look.. Here’s what the system looks like:  As compared to other ticket systems, there are a few things that can be noticed: The system did not let the user choose a priority of how his ticket should be handled. A user was unable to choose a ticket category. **The structure** The ticket system consisted of four files (excluding the stylesheets and javascript files which were also present): * Ticket submission file (Index.php) – a file which let the user submit a ticket. * Ticket response file (Respond.php) – a file which allowed the administrators to submit a response to a ticket in question. * A file which displayed the contents of tickets (Tickets.php). * Ticket management file (View.php) – a file which allowed administrators to view information about submitted tickets: it displayed the ticket ID, the ticket name, the name and email of the person who submitted the ticket, displayed the ticket status and allowed administrators to click a button to respond to the ticket. The system did not use any relational (MySQL) or non-relational (NoSQL) database – as I wanted to try something new at the time, I’ve made it so that the entire system would be based on a flat file database. I’ll try to make an in-depth analysis of the security of each of the scripts beginning from the top and moving towards the bottom. 
**The submission** The submission process was relatively simple: After the “Send” button would be clicked, the system would escape all of the input fields using htmlentities() to ensure any and all XSS attack attempts would be halted. If the length of the subject was not greater than 20 characters and a file with the same ID did not exist in the ticket archive, the ticket would be flagged as “Open” and submitted. A text file in the “tickets” directory would be created that would contain the contents of the ticket. The ticket then would also be submitted to View.php which allowed administrators to respond to it. Finally, a message would be displayed – if the submission process was successful, it would say “Ticket submitted successfully.” If it was not, the message would say “Ticket failed to submit.” **Viewing tickets** When the ticket would be submitted, it would be flagged as “Open” and thus, displayed on the viewing page:  The View.php script would scan the “tickets” directory, get the total count of files which then would be displayed. When the ticket would be submitted and flagged as “Open”, the Index.php script would also write some of the ticket contents to View.php. The script would also allow people who are privileged to view it to respond to the ticket in question:  If the “Close this ticket” checkbox was not checked, the response would be added to the ticket – if it was checked, the ticket would be deleted. This is another downside because with the majority of ticket systems on the web today, when the ticket is closed, a person has a chance to re-open it. My ticket system did not include this feature. **Security** The security of the system was not as bad as I expected it to be: the input of the user was sanitized and thus, it could not trigger an XSS attack, and the “tickets” directory was protected by .htaccess. That being said, there were some caveats such as this one:  Wait – is that an SQL error? Yes. 
The system operated on a flat file basis, but we still got an SQL error. How? The answer is very simple – it was intentional. As my Web Application Firewall’s SQL injection detection rules were still under heavy development at the time, I wanted to see how effective they were. With that out of the way, we should now probably look at the actual flaws that the system had. One of them was Cross-Site Request Forgery (CSRF):  Since I did not use a CSRF token to validate that the form submitted by the browser carried a token matching the one held on the server, a CSRF attack was possible. The system required the user to be logged in to access the ticket submission page, and, if the appropriate POST parameters could be provided, a CSRF attack could be triggered – an end user could be forced to execute unwanted actions: in this case, submit a ticket. **Spam all the things!** I failed to protect the form against spam too – this means that anyone could create an automated script to automatically submit tickets.  Now imagine that, for example, tickets #145, #148 and #157 would be created by a legitimate user requesting support, but tickets #146, #147 and #149-#156 would be created by an automated script to spam the system, how would the administrators remove the spam while leaving the legitimate tickets intact? Since the system was based on a flat-file database, the administrators would have to accomplish this task manually – if the system had hundreds of tickets, such a task would become almost impossible. **Summary** The ticket system lacked a few important features – most notably, a ticket re-opening feature. The form was sufficiently protected against Cross-Site Scripting (XSS), but it was not protected against Cross-Site Request Forgery (CSRF) – I could have implemented CSRF tokens which would have eliminated this problem. The system was not protected against spam either – I could have implemented a (re)CAPTCHA which would have fixed this issue. |
| json metadata | {"tags":["website","security","analysis","project","spam"],"image":["https://cdn.steemitimages.com/DQmYRLz3jhxkmcdkayGrJRyCVGuFLSEdPQW2Uz3xZGLkWyi/image.png","https://cdn.steemitimages.com/DQmVjCXYfV2xCFxMQ8QQ3ztzhuyjvA36XYp5shLWnASGkx5/image.png","https://cdn.steemitimages.com/DQmavcBswHYhf5K9A5MKw2K7kPaVsEB1nPqnUdFEeE224B2/image.png","https://cdn.steemitimages.com/DQmbM6VNQSx3SJ467zwLstrzERDaUuqVkfB4QYxPibv1wN2/image.png","https://cdn.steemitimages.com/DQmTy4XBDh2PRiiZfqgpvf1XUyZucoPNGXkvQY2i2Skm5h3/image.png","https://cdn.steemitimages.com/DQmXnsiiecF255BvoX51HgzbtboqnfUtsaU5erddtMPTDjG/image.png"],"app":"steemit/0.1","format":"markdown"} |
| parent author | |
| parent permlink | website |
| permlink | an-old-ticket-system-security-analysis |
| title | An old Ticket System Security Analysis |
| Transaction Info | Block #22828270/Trx 4af9eac4603ac3565f840e35b9765dd48761c135 |
{
"block": 22828270,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "Since I started building websites few years ago, I’ve created a few projects. Some of them never saw daylight, some of them were deleted upon creation, some of them still reside in my project archive.\n When I was trawling through the archive a few days ago, I came across one of them. It was a ticket system I first made back in April 2016 – the whole project was dubbed a “Secure Ticket System” so it instantly caught my attention. I just had to take a look..\n\nHere’s how the system looks like:\n\nAs compared to other ticket systems, there are a few things that can be noticed:\n\n The system did not let the user choose a priority of how his ticket should be handled.\n A user was unable to choose a ticket category.\n\n**The structure**\n\nThe ticket system consisted of four files (excluding the stylesheets and javascript files which were also present):\n\n * Ticket submission file (Index.php) – a file which let the user submit a ticket.\n * Ticket response file (Respond.php) – a file which allowed the administrators submit a response to a ticket in question.\n * A file which displayed the contents of tickets (Tickets.php).\n * Ticket management file (View.php) – a file which allowed administrators to view information about submitted tickets: it displayed the ticket ID, the ticket name, the name and email of the person who submitted the ticket, displayed the ticket status and allowed administrators to click a button to respond to the ticket.\n\nThe system did not use any relational (MySQL) or non-relational (NoSQL) database – as I wanted to try something new at the time, I’ve made it so that the entire system would be based on a flat file database.\n\nI’ll try to make an in-depth analysis of the security of each of the scripts beginning from the top and moving towards the bottom.\n\n**The submission**\n\nThe submission process was relatively simple:\n\n After the “Send” button would be clicked, the system would filter all of the input fields using 
htmlentities() to ensure any and all XSS attack attempts would be halted.\n If the length of the subject is not greater than 20 characters and file with the same ID did not exist in the ticket archive, the ticket would be flagged as “Open” and submitted. \n\nA text file in the “tickets” directory would be created that would contain the contents of the ticket.\n The ticket then would also be submitted to View.php which allowed administrators to respond to it.\n Finally, a message would be displayed – if the submission process was successful, it would say ‘Ticket submitted successfully.” If it was not, the message would say “Ticket failed to submit.”\n\n**Viewing tickets**\n\nWhen the ticket would be submitted, it would be flagged as “Open” and thus, displayed on the viewing page:\n\n\nThe View.php script would scan the “tickets” directory, get the total count of files which then would be displayed. \nWhen the ticket would be submitted and flagged as “Open”, the Index.php script would also write some of the ticket contents to View.php. \nThe script would also allow people who are privileged to view it to respond to the ticket in question:\n\n\n\nIf the “Close this ticket” checkmark was not checked, the response would be added to the ticket – if it was checked, the ticket would be deleted.\n This is another downside because with the majority of ticket systems on the web today, when the ticket is closed, a person has a chance to re-open it. My ticket system did not include this feature.\n\n**Security**\n\nThe security of the system was not as bad as I expected it to be: the input of the user was sanitized and thus, it could not trigger an XSS attack, the “tickets” directory was protected by .htaccess. That being said, there were some caveats such as this one:\n\n\n\nWait – is that an SQL error? Yes.\n\nThe system operated on a flat file basis, but we still got an SQL error. How? The answer is very simple – it was intentional. 
\nAs my Web Application Firewall’s SQL injection detection rules were still under heavy development at the time, I wanted to see how effective they were. With that out of the way, we should now probably look at the actual flaws that the system had. \nOne of them was Cross-Site Request Forgery (CSRF):\n\n\nSince I did not set a CSRF token to validate that the form sent from the browser matches a token on the server, a CSRF attack was possible.\n The system required the user to be logged in to access the ticket submission page, and, if the appropriate POST parameters could be provided, a CSRF attack could be triggered – an end user could be forced to execute unwanted actions: in this case, submit a ticket.\n\n**Spam all the things!**\n\nI failed to protect the form against spam too – this means that anyone could create an automated script to automatically submit tickets.\n\nNow imagine that, for example, tickets #145, #148 and #157 would be created by a legitimate user requesting support, but tickets #146, #147 and #149-#156 would be created by an automated script to spam the system, how would the administrators remove the spam while leaving the legitimate tickets intact?\n\nSince the system was based on a flat-file database, the administrators would have to accomplish this task manually – if the system had hundreds of tickets, the accomplishment of such a task would become almost impossible.\n\n**Summary**\n\n The ticket system lacked a few important features – most notably, a ticket re-opening feature.\n\n The form was sufficiently protected against Cross-Site Scripting (XSS), but it was not protected against Cross-Site Request Forgery (CSRF) – I could have implemented CSRF tokens which would have gotten rid of this problem.\n\n The system was not protected against spam either – I could have implemented a (re)CAPTCHA which would have fixed this issue.",
"json_metadata": "{\"tags\":[\"website\",\"security\",\"analysis\",\"project\",\"spam\"],\"image\":[\"https://cdn.steemitimages.com/DQmYRLz3jhxkmcdkayGrJRyCVGuFLSEdPQW2Uz3xZGLkWyi/image.png\",\"https://cdn.steemitimages.com/DQmVjCXYfV2xCFxMQ8QQ3ztzhuyjvA36XYp5shLWnASGkx5/image.png\",\"https://cdn.steemitimages.com/DQmavcBswHYhf5K9A5MKw2K7kPaVsEB1nPqnUdFEeE224B2/image.png\",\"https://cdn.steemitimages.com/DQmbM6VNQSx3SJ467zwLstrzERDaUuqVkfB4QYxPibv1wN2/image.png\",\"https://cdn.steemitimages.com/DQmTy4XBDh2PRiiZfqgpvf1XUyZucoPNGXkvQY2i2Skm5h3/image.png\",\"https://cdn.steemitimages.com/DQmXnsiiecF255BvoX51HgzbtboqnfUtsaU5erddtMPTDjG/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "website",
"permlink": "an-old-ticket-system-security-analysis",
"title": "An old Ticket System Security Analysis"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T14:39:57",
"trx_id": "4af9eac4603ac3565f840e35b9765dd48761c135",
"trx_in_block": 31,
"virtual_op": 0
}cryptonvesterupdated options for worth-reading-zg1hbmlh-0vlu32018/05/28 13:50:39
cryptonvesterupdated options for worth-reading-zg1hbmlh-0vlu3
2018/05/28 13:50:39
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"cnts","weight":500},{"account":"dmania","weight":1000},{"account":"elgeko","weight":500},{"account":"mat1973","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | worth-reading-zg1hbmlh-0vlu3 |
| Transaction Info | Block #22827284/Trx de597a0edce9ce353cf58857111a5f314f09f3ba |
{
"block": 22827284,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "cnts",
"weight": 500
},
{
"account": "dmania",
"weight": 1000
},
{
"account": "elgeko",
"weight": 500
},
{
"account": "mat1973",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "worth-reading-zg1hbmlh-0vlu3"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T13:50:39",
"trx_id": "de597a0edce9ce353cf58857111a5f314f09f3ba",
"trx_in_block": 16,
"virtual_op": 0
}cryptonvesterpublished a new post: worth-reading-zg1hbmlh-0vlu32018/05/28 13:50:39
cryptonvesterpublished a new post: worth-reading-zg1hbmlh-0vlu3
2018/05/28 13:50:39
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/worth-reading-zg1hbmlh-0vlu3"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-16-i-did-not-seen-this-coming-2lss21f.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/worth-reading-zg1hbmlh-0vlu3">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","funny","comic","steem"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-16-i-did-not-seen-this-coming-2lss21f.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | worth-reading-zg1hbmlh-0vlu3 |
| title | Worth reading |
| Transaction Info | Block #22827284/Trx de597a0edce9ce353cf58857111a5f314f09f3ba |
{
"block": 22827284,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/worth-reading-zg1hbmlh-0vlu3\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-16-i-did-not-seen-this-coming-2lss21f.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/worth-reading-zg1hbmlh-0vlu3\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"funny\",\"comic\",\"steem\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-16-i-did-not-seen-this-coming-2lss21f.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "worth-reading-zg1hbmlh-0vlu3",
"title": "Worth reading"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T13:50:39",
"trx_id": "de597a0edce9ce353cf58857111a5f314f09f3ba",
"trx_in_block": 16,
"virtual_op": 0
}2018/05/28 13:48:57
2018/05/28 13:48:57
| author | sanmi |
| permlink | many-of-you-asked-me-to-explain-curation-rewardssimply-put-you-wont-get-rich-out-of-curation-zg1hbmlh-ebqjr |
| voter | cryptonvester |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22827250/Trx 918cf52b14a97207798c3ed115a3baedb6a33295 |
{
"block": 22827250,
"op": [
"vote",
{
"author": "sanmi",
"permlink": "many-of-you-asked-me-to-explain-curation-rewardssimply-put-you-wont-get-rich-out-of-curation-zg1hbmlh-ebqjr",
"voter": "cryptonvester",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T13:48:57",
"trx_id": "918cf52b14a97207798c3ed115a3baedb6a33295",
"trx_in_block": 53,
"virtual_op": 0
}andrejaupvoted (100.00%) @cryptonvester / deep-shit-zg1hbmlh-i34qi2018/05/28 07:27:48
andrejaupvoted (100.00%) @cryptonvester / deep-shit-zg1hbmlh-i34qi
2018/05/28 07:27:48
| author | cryptonvester |
| permlink | deep-shit-zg1hbmlh-i34qi |
| voter | andreja |
| weight | 10000 (100.00%) |
| Transaction Info | Block #22819629/Trx 393f321659e24b7f847627bc0a7f955e0fd293c8 |
{
"block": 22819629,
"op": [
"vote",
{
"author": "cryptonvester",
"permlink": "deep-shit-zg1hbmlh-i34qi",
"voter": "andreja",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T07:27:48",
"trx_id": "393f321659e24b7f847627bc0a7f955e0fd293c8",
"trx_in_block": 47,
"virtual_op": 0
}cryptonvesterupdated options for deep-shit-zg1hbmlh-i34qi2018/05/28 07:04:24
cryptonvesterupdated options for deep-shit-zg1hbmlh-i34qi
2018/05/28 07:04:24
| allow curation rewards | true |
| allow votes | true |
| author | cryptonvester |
| extensions | [[0,{"beneficiaries":[{"account":"cnts","weight":500},{"account":"dmania","weight":1000},{"account":"hirsliturna","weight":500},{"account":"zombee","weight":500}]}]] |
| max accepted payout | 1000000.000 SBD |
| percent steem dollars | 10000 |
| permlink | deep-shit-zg1hbmlh-i34qi |
| Transaction Info | Block #22819161/Trx 7614bd121c30ce8f7b02258be5b4f38e1522e93d |
{
"block": 22819161,
"op": [
"comment_options",
{
"allow_curation_rewards": true,
"allow_votes": true,
"author": "cryptonvester",
"extensions": [
[
0,
{
"beneficiaries": [
{
"account": "cnts",
"weight": 500
},
{
"account": "dmania",
"weight": 1000
},
{
"account": "hirsliturna",
"weight": 500
},
{
"account": "zombee",
"weight": 500
}
]
}
]
],
"max_accepted_payout": "1000000.000 SBD",
"percent_steem_dollars": 10000,
"permlink": "deep-shit-zg1hbmlh-i34qi"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T07:04:24",
"trx_id": "7614bd121c30ce8f7b02258be5b4f38e1522e93d",
"trx_in_block": 35,
"virtual_op": 0
}cryptonvesterpublished a new post: deep-shit-zg1hbmlh-i34qi2018/05/28 07:04:24
cryptonvesterpublished a new post: deep-shit-zg1hbmlh-i34qi
2018/05/28 07:04:24
| author | cryptonvester |
| body | <center> <a href="https://dmania.lol/post/cryptonvester/deep-shit-zg1hbmlh-i34qi"> <img src="https://s3-eu-west-1.amazonaws.com/dmania-images/meme-15-the-michelangelo-code-ilogu9e.jpg"> </a> <h3><a href="https://dmania.lol/post/cryptonvester/deep-shit-zg1hbmlh-i34qi">View post on dMania</a></h3> <a href="https://dmania.lol"> <img src="https://dmania.lol/assets/img/dmania_steemit_post.png"> </a> </center> |
| json metadata | {"tags":["dmania","meme","funny","brain","lie"],"image":["https://s3-eu-west-1.amazonaws.com/dmania-images/meme-15-the-michelangelo-code-ilogu9e.jpg"],"isGIF":false,"app":"dmania/0.7"} |
| parent author | |
| parent permlink | dmania |
| permlink | deep-shit-zg1hbmlh-i34qi |
| title | Deep shit |
| Transaction Info | Block #22819161/Trx 7614bd121c30ce8f7b02258be5b4f38e1522e93d |
{
"block": 22819161,
"op": [
"comment",
{
"author": "cryptonvester",
"body": "<center>\n <a href=\"https://dmania.lol/post/cryptonvester/deep-shit-zg1hbmlh-i34qi\">\n <img src=\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-15-the-michelangelo-code-ilogu9e.jpg\">\n </a>\n <h3><a href=\"https://dmania.lol/post/cryptonvester/deep-shit-zg1hbmlh-i34qi\">View post on dMania</a></h3>\n <a href=\"https://dmania.lol\">\n <img src=\"https://dmania.lol/assets/img/dmania_steemit_post.png\">\n </a>\n </center>",
"json_metadata": "{\"tags\":[\"dmania\",\"meme\",\"funny\",\"brain\",\"lie\"],\"image\":[\"https://s3-eu-west-1.amazonaws.com/dmania-images/meme-15-the-michelangelo-code-ilogu9e.jpg\"],\"isGIF\":false,\"app\":\"dmania/0.7\"}",
"parent_author": "",
"parent_permlink": "dmania",
"permlink": "deep-shit-zg1hbmlh-i34qi",
"title": "Deep shit"
}
],
"op_in_trx": 0,
"timestamp": "2018-05-28T07:04:24",
"trx_id": "7614bd121c30ce8f7b02258be5b4f38e1522e93d",
"trx_in_block": 35,
"virtual_op": 0
}Manabar
Voting Power100.00%
Downvote Power100.00%
Resource Credits100.00%
Reputation Progress8.42%
{
"voting_manabar": {
"current_mana": "8143659806",
"last_update_time": 1779058926
},
"downvote_manabar": {
"current_mana": 2035914951,
"last_update_time": 1779058926
},
"rc_account": {
"account": "cryptonvester",
"max_rc": "10164408779",
"max_rc_creation_adjustment": {
"amount": "2020748973",
"nai": "@@000000037",
"precision": 6
},
"rc_manabar": {
"current_mana": "10164408779",
"last_update_time": 1779058926
}
}
}Account Metadata
| POSTING JSON METADATA | |
| profile | {"name":"Omega ","about":"White hat hacker, exposing security problems, securing websites. Also MEMES!","profile_image":"https://www.dailydot.com/wp-content/uploads/a04/00/266ab394b86b4ac6-2048x1024.jpg","cover_image":"https://i2.wp.com/thebillion-dollar.com/wp-content/uploads/2016/12/How-To-Become-Ethical-Hacker.jpg?resize=768%2C432","website":"https://lukasvileikis.com"} |
| JSON METADATA | |
| profile | {"name":"Omega ","about":"White hat hacker, exposing security problems, securing websites. Also MEMES!","profile_image":"https://www.dailydot.com/wp-content/uploads/a04/00/266ab394b86b4ac6-2048x1024.jpg","cover_image":"https://i2.wp.com/thebillion-dollar.com/wp-content/uploads/2016/12/How-To-Become-Ethical-Hacker.jpg?resize=768%2C432","website":"https://lukasvileikis.com"} |
{
"posting_json_metadata": {
"profile": {
"name": "Omega ",
"about": "White hat hacker, exposing security problems, securing websites. Also MEMES!",
"profile_image": "https://www.dailydot.com/wp-content/uploads/a04/00/266ab394b86b4ac6-2048x1024.jpg",
"cover_image": "https://i2.wp.com/thebillion-dollar.com/wp-content/uploads/2016/12/How-To-Become-Ethical-Hacker.jpg?resize=768%2C432",
"website": "https://lukasvileikis.com"
}
},
"json_metadata": {
"profile": {
"name": "Omega ",
"about": "White hat hacker, exposing security problems, securing websites. Also MEMES!",
"profile_image": "https://www.dailydot.com/wp-content/uploads/a04/00/266ab394b86b4ac6-2048x1024.jpg",
"cover_image": "https://i2.wp.com/thebillion-dollar.com/wp-content/uploads/2016/12/How-To-Become-Ethical-Hacker.jpg?resize=768%2C432",
"website": "https://lukasvileikis.com"
}
}
}Auth Keys
Owner
Single Signature
Public Keys
STM5wiXVXNzqiGdRBTAkWuqherXyyRVhZNEzG3wtxbdDZgkpYdeXm1/1
Active
Single Signature
Public Keys
STM79KwY5PoV1cpzzFPway7prZfNrUgq4fXxaBG2FyyjDQmnAKmxi1/1
Posting
Single Signature
Public Keys
STM6ZNS4UaHt6CCC8zxxmLkBcDJNkHCabmKDgCWdZZxY31iKqmmKx1/1
App Permissions
@dmania.app1/1
Memo
STM5ECQFDPmuEu8E4r5wpbXiz4dqdr9LCci8RWawBsogp69CR82Wk
{
"owner": {
"account_auths": [],
"key_auths": [
[
"STM5wiXVXNzqiGdRBTAkWuqherXyyRVhZNEzG3wtxbdDZgkpYdeXm",
1
]
],
"weight_threshold": 1
},
"active": {
"account_auths": [],
"key_auths": [
[
"STM79KwY5PoV1cpzzFPway7prZfNrUgq4fXxaBG2FyyjDQmnAKmxi",
1
]
],
"weight_threshold": 1
},
"posting": {
"account_auths": [
[
"dmania.app",
1
]
],
"key_auths": [
[
"STM6ZNS4UaHt6CCC8zxxmLkBcDJNkHCabmKDgCWdZZxY31iKqmmKx",
1
]
],
"weight_threshold": 1
},
"memo": "STM5ECQFDPmuEu8E4r5wpbXiz4dqdr9LCci8RWawBsogp69CR82Wk"
}Witness Votes
0 / 30
No active witness votes.
[]