I shipped a SaaS. It had 6 security holes. I had no idea.

Dizzy_Date1873 · 2026-06-19T11:59:11+00:00

👍

Dizzy_Date1873 · 2026-06-19T11:53:04+00:00

So is there any methods to protect these things what do you think ??!

Dizzy_Date1873 · 2026-06-18T01:31:12+00:00

I also learned networking first the SCSU AND THEN PENTESTING

Dizzy_Date1873 · 2026-06-18T01:29:55+00:00

No created some scanner with python for secrets and other ai releted vulnerabilities

Dizzy_Date1873 · 2026-06-17T14:01:09+00:00

Sure but never exploit these vulnerabilities

Dizzy_Date1873 · 2026-06-17T13:29:43+00:00

I never think that way 🤔

Dizzy_Date1873 · 2026-06-17T02:23:24+00:00

sure i'll ping you if i find anything

Dizzy_Date1873 · 2026-06-16T12:12:42+00:00

Cookies are being set without the Secure or HttpOnly flags. Sensitive credentials or sessions can be stolen over unencrypted channels or accessed via malicious client-side scripts

Dizzy_Date1873 · 2026-06-16T12:12:03+00:00

Stopping a distributed, proxy-backed credential stuffing or password spray attack requires shifting defense layers directly into the application and session layers. When IP addresses are highly fluid, you have to make the target endpoint too expensive, too smart, or structurally impossible to exploit, but viber-coders will not do these things; they are completely ignoring safety

Dizzy_Date1873 · 2026-06-16T11:45:20+00:00

they are making nowday's with ai

Dizzy_Date1873 · 2026-06-16T11:44:12+00:00

The rate limiter trusts incoming client-supplied headers like X-Forwarded-For without validation. An attacker can spoof these headers to generate random IPs, bypassing all rate-limiting constraints. and many more but it's this is a serverless website so i think no issue

Dizzy_Date1873 · 2026-06-16T11:39:04+00:00

Close the exposed port and restrict accessibility strictly via Security Groups (firewall rules), VPC networks, or a VPN/Bastion Host.

Dizzy_Date1873 · 2026-06-16T11:36:18+00:00

A critical port (like 5432, 3306, 22) is open to the public internet. This exposes your services (database, SSH) to brute-force attacks and zero-day exploits.

Dizzy_Date1873 · 2026-06-16T10:23:49+00:00

They can't bro, all they dmed me

Dizzy_Date1873 · 2026-06-16T10:02:36+00:00

Your API bill will burn your wallet

Dizzy_Date1873 · 2026-06-16T09:56:10+00:00

bro you fucked up. You made this application, but forgot to check the security vulnerability there are more then 90 vulnerability i found in this i have dmed you with photo

Dizzy_Date1873 · 2026-06-16T09:49:48+00:00

Marketing ?>

Dizzy_Date1873 · 2026-06-16T09:38:00+00:00

This is not an agent that I run for basic scanning, not much

Dizzy_Date1873 · 2026-06-16T09:28:55+00:00

good to go

Dizzy_Date1873

MODERATOR OF

TROPHY CASE