Mastering App Security: 7 Crucial Risks Every Developer Must Mitigate (akashrajpurohit.com)
5 points by ghostfoxgod on June 21, 2023 | 2 comments



Hey Akash. You highlighted the security risks very well in the blog, and I feel that whenever the security aspect comes on a plate, it gets the bare minimum attention unless some major attack impacts the system. Since you have mentioned sensitive URLs in the Direct Insecure Object References part, I was relating to one of the concerns, which is preventing users from posting phishing/vulnerable links. Unless you get a notification that this is a vulnerable link, it gets clicks. This is very common when products allow communication among users, e.g. forums, communities, chatting applications, etc.

Generating Link Previews can be one of the possible solutions, especially when the preview shows a vulnerable alert, which would eventually prevent a user from clicking the link. Our approach (within my team) has been to help in this direction by creating an API that extracts metadata from URLs and therefore ensures secure link sharing. Here's a blog (https://apyhub.com/blog/secure-link-preview) where we discussed the issue in some more detail. Would be super curious to hear your thoughts.

Cheers,

Sohail


Pardon my ignorance, but I did not get this part: "when the preview shows a vulnerable alert". How is this happening? From the blog you linked, I see that the preview is basically generated from the opengraph tags for a given link. Not really sure how phishing/vulnerable links can be caught beforehand via these previews?



