DEV Community

loading...

Discussion on: How To Become A Web Security Researcher?

tux0r profile image
tux0r

There is no "best framework".

Thread Thread
sinxloud profile image
sinxloud Author

commonly used..

Thread Thread
tux0r profile image
tux0r

jQuery, Angular and React, I guess. Everything else cannot be said.

Also, it does not matter for web security at all.

Thread Thread
sinxloud profile image
sinxloud Author

If it doesn't matter for web security then Web Application Security is a joke.

I encourage you to refer to this security report :

CRITICAL Account takeover via AngularJS template injection in connect.squareup.com

hackerone.com/reports/26700

$2000 bounty paid by Square...

Thread Thread
tux0r profile image
tux0r

I encourage you to think about whether knowing the framework was relevant here at all. Knowing JavaScript was the only requirement to find this bug.

And yes, I think that "web application security" is a joke. If you want to have a secure application, do not put it in the weakest part of the computer (your web browser)!

Thread Thread
sinxloud profile image
sinxloud Author

OK...

Thread Thread
projectrhonin profile image
Rhonin

It matters in so far as: at the end of the day you have to provide guidance to developers, who may or may not understand the security implications at a deep level. These developers are possibly using "common" frameworks and you need to know what these frameworks do and don't bring to the table. Some do common validation and output encoding for example. Some use functions with cryptographic weaknesses ECT ECT ECT. You wouldn't be able to provide guidance to them if you don't understand the framework they are using (ie the way the language is implemented).

Its also important in pentesting because it allows you to target commonly used packages and implementation for research or do hit known vulnerabilities.

Thread Thread
sinxloud profile image
sinxloud Author

We are talking about security researchers. read this article again.