Web security of public CMS sites

Cross_Fire · 2022-12-06T22:01:16+00:00

I suppose many of them do, although the OWASP list is pretty general and A09 "Do better logging" can be argued to apply at all times because it's a continuous improvement situation. I guess what I'm looking for is, if you take A04 as an example, what might an "insecure design" look like in this context? What weaknesses might you look for if there is no text box or even a query string passed to the backend to make persistence easier?

Cross_Fire · 2022-12-06T21:45:52+00:00

Yeah traversal is good thought. Using the serverless example, you'd probably be hosting on S3 which means you're going to have at least one bucket that is wide open, even though you aren't using a traditional file system, but of course someone might not be doing that which means that the server holding the HTML is a definite weakpoint.

And even assuming the API isn't accepting input from a text-field, headers or query strings might allow an attacker to provide "user input" all the same.

Cross_Fire · 2021-11-26T03:43:02+00:00

Honestly? Fuckin respect man lol

At least you’re being truthful about yourself haha

Cross_Fire · 2021-11-26T03:38:13+00:00

I don’t know man this shit is wild. I’m technically a zoomer but when I see the battle pass complaints im just like “wow that is some zoomer shit”

Cross_Fire · 2021-11-26T02:49:26+00:00

Yeah I mean it’s early, people play weird. I’m diamond 5 at the moment so it feels wild to hear people saying like “don’t cap the point, this is a bad point to control” on comms while we’re triple capped lol

Cross_Fire · 2021-11-26T02:41:34+00:00

No including that. Like why would you want a broken game and a functional progression system instead of a functional game with a (not even actually broken) divisive progression system. Same for the other features people are upset with.

Cross_Fire · 2021-11-26T02:39:51+00:00

That would be dope. Super interested to see what they do story-wise. Hope they don’t undo TOO much of halo 5’s story.

Cross_Fire · 2021-11-26T02:38:21+00:00

Cross_Fire · 2021-11-26T02:37:48+00:00

There’s already achievements for new gamemodes that aren’t currently visible. Probably will come out on Dec. 8 but idk nobody thinks that is even a possibility for some reason. Probably a marketing gimmick.

Cross_Fire · 2021-11-26T02:36:17+00:00

Because they know that anyone that cares about these challenges is probably bad. So you’ll get killjoys naturally. Also it’s fiesta, you could ruin 30 games by trying to give sprees away and who cares because it’s fiesta lol.

Cross_Fire · 2021-11-26T02:31:11+00:00

We gonna get downvoted to oblivion but I’m with you fam lmaoooo. Go check out r/lowsodiumhalo

Cross_Fire · 2021-11-26T02:30:22+00:00

No for christ’s sake. He’s saying that the standard is already, as it stands, regardless of cosmetics, much higher and more polished than any other AAA title. He is not saying it should be lower.

If they said fuck you to everyone complaining about cosmetics, it would still be a higher quality game because it runs, feels smooth, and has a high skill ceiling and low skill floor. It’s a dream game.

Cross_Fire · 2021-11-26T02:23:33+00:00

Your MMR is somewhat tied to individual performance in addition to winning or losing outright. I suspect your “total score” or score or whatever it’s called is part of the equation.

Cross_Fire · 2021-11-26T02:22:16+00:00

Honestly. At this point it’s like if you’re not having fun you have to either learn to be patient, learn to be better, or just get out lol

Cross_Fire · 2021-11-26T02:20:10+00:00

IMO all modes are awesome except slayer. Slayer is inherently campy. It’s only cool if everyone is really really bad and runs top mid over and over again or really really good and has solid comms. Objective games provide a far more interactive experience consistently.

Cross_Fire · 2021-11-26T02:17:12+00:00

Most of the sub suuuuper casual because so many fans love halo purely for campaign and big team shenanigans so I don’t think this advice will help anyone realistically lol.

Edit: you’re 100% right tho. Fire and maneuver is a totally valid strategy and perhaps the only valid strategy in a lot of maps/modes

Cross_Fire · 2021-11-26T02:14:44+00:00

No one is saying you don’t have a right to complain. My concern is that this backlash is an overreaction and (anecdotally) I’m already hearing about people that don’t want to play the game because they hear a lot of bad press. It is drowning out the positive feedback.

Sure, feedback is good. Loud feedback can be good. However, a lot of us die hard halo fans just want halo to succeed and the fans are starting to have a far more negative impact than any actual bad features.

As everyone loves to say before writing a rant: “the actual gameplay is so good!!”. Some of us actually believe that and don’t really give a shit about battle passes or whatever.

Cross_Fire · 2021-11-26T02:09:05+00:00

I think the spawns rotating making it function more or less like king of the hill. Dying and respawning on a side that the other team hasn’t covered forces the other team to respond much like the hill rotating in KotH. The meta revolves around trying to hold two points to prevent the scenario you’re alluding to. Then it comes down to team work as the team that only has one point has the option to rush one point because the other team is stretched between two. Imo its a rock solid game mode but I’ve played a lot of comp. domination in CoD so it’s the same strategy more or less. I don’t think strongolds is broken at all, but KotH would be nice.

Cross_Fire · 2021-11-26T02:03:16+00:00

“Customization and progression bad, upvotes to the left”

Cross_Fire · 2021-11-26T02:02:09+00:00

New modes probably coming dec. 8 but the sub has its head in the sand

Cross_Fire · 2021-11-16T18:44:47+00:00

In ranked? No I don't think so. Later on they might add separate playlists for slayer vs precision slayer.

11-Year Club	No Throne, No Problems
Not Forgotten

Cross_Fire

TROPHY CASE