FAQs

- Can I use your website's materials such as your notes, articles, and so on please?

Please read the “Copyright” section.

- Why do you use WordPress? Is it the most secure web application?

I do not think that WordPress is completely secure. However, it has a good support team who always support it.

- Why do you want to publish the vulnerabilities?

Because it can show that I am an up-to-date security researcher.

- When do you publish a vulnerability as an advisory?

Well, it depends on the vulnerability. If the impact is high, I will post it to the vendor first, and I will publish it 1 week after the hotfix.

- Do you want to publish the exploit as well?

I might submit the proof of concept (PoC) with my advisory. Sometimes the PoC is very similar to the exploit, but it’s not always the same!

- Can I send you a vulnerability?

Please send it to www.securityfocus.com instead.

- Do you have any 0-day vulnerability which you don’t want to publish or share?

Everyone has some secrets in his/her life. And, your question is not clear!

- Do you sell your vulnerabilities?

No. But, upon your request, I can find the vulnerabilities in your web application (you should be its owner) for this reason.

- Can I send you my web application for the security testing?

Yes, but it cannot be free.

- Can I send you a target for penetration testing?

I accept only legal and ethical penetration testing. Moreover, I can join your penetration testing group if you have an ethical security group.

- Could you develop a web application for me?

Unfortunately, I have no time to do that now; however, I can train your developers to code more secure web applications.
