Application Security Cheat Sheet

Application Security Cheat Sheet
Android Application
CI/CD
- Dependency
- GitHub
Cloud
- AWS
Container
Framework
- Spring
- React
  - Overview
  - Security Issues
Linux
- Overview
- Bash Tips
iOS Application
- Overview
- Getting Started
Resources
Web Application

Powered by GitBook

On this page

Dependency Hijaking

PreviousDependency Confusion NextTyposquatting

Last updated 2 years ago

Package owners can use email with a custom domain name to register with various package managers such as npm, pypi, etc. If a domain name is expired, an attacker can register this domain name and gain access to an account through password recovery.

"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains – The Hacker BlogThe Hacker Blog