Suppose we have an application that acts as a middleman, allowing Company A to send reports to their customers. Company A → Company B (me) → Company A's customers After getting the report we send...

With OAuth 2.0 PKCE Flow for Installed App (e.g. a desktop app/cli/client library), it seems that nothing is preventing an attacker to: obtain client_id by using the original app (client_id is pub...

What are the best ways to prevent your website from being Phished? Please cite some technical suggestions and references if possible. Thank you!

I have a payment application in my device, my application connect to that application's service to get a pending-intent for launch payment activity and then listen to result in onActivityResult() m...

Main Question I am working on an API in Java that needs to detect the use of brands (e.g. PayPal, Mastercard etc.) in phishing emails. Obviously there are different strategies that the attackers ...

The Scenario: A web application that once a new user completes the registration, an email will be sent, containing a URL that once tapped from within an iOS device, the iOS app will be launched. T...

Imagine a scenario in which a game X installed on your mobile device wants to access your account information from social network Y. Assume that Y exposes some API, and have features like "login wi...

Is there a service that lets me check a URL to see if it may possibly be a dangerous site? When a user exits our application by clicking on an untrusted link, we sent them through a "are you sure ...

I have encountered the "Phishing Detected" warning in Chrome browser on my dev site. Interestingly I don't encounter the same warning in Firefox or Safari even though, as far I can tell, they are u...

I am sending account activation email from my .net app. I set the from address to "[email protected]" and from name "xyz" where xyz is the name of the domain i.e. our website. It was not a p...

As seen in GitHub's blog, they've implemented HTML5's JavaScript pushState feature for tree browsing (for modern browsers), bringing AJAX navigation without Hash Bangs. The code is simple: $('#sl...

I've noticed for a very long time that when you try to copy a link location or open a link on Facebook, it modifies the link and passes it through l.php. For example, I can be sent to http://w...

Phishing is a very serious problem that we face. However, banks are the biggest targets. What methods can a bank use to protect its self from phishing attacks? What methods should someone use...

I got very concerned reading this genius post by Aza Raskin. What are the non-browsers solutions to defend against TabNabbing? Are there any?

A few of my non-IT coworkers opened a .html attachment in an email message that looks extremely suspicious. It resulted in a blank screen when it appears that some javascript code was run. <sc...

I've been doing a fair bit of work with OAuth recently, and I have to say that I really like it. I like the concept, and I like how it provides a low barrier-of-entry for your users to connect up t...