FAQs

- Can I use your website's materials, such as your notes, articles, and so on, please?

Yes, sure, I’m writing for this reason. But I have a request: if you would like to use my blog materials (such as documents, articles, ideas, and so on), please write my name “Soroush Dalili” and my website address “soroush.secproject.com” clearly on it.

- Why do you use WordPress? Is it the most secure web application?

I do not think that WordPress is completely secure. However, it has an awesome team who cares about it and constantly supports it.

- Why do you want to publish the vulnerabilities?

I like to share my knowledge with security researchers and developers, and I also want to show off my skills!?!!

- When do you publish a vulnerability as an advisory? Do you release them as 0-dayz?

Well, it depends on the vulnerability. If the impact is high, I will post it to the vendor first, and usually a week after the hotfix I will publish it.

- Do you also publish the exploits?

I might submit a proof of concept (PoC) with an advisory but not an exploit that can harm others. Sometimes a PoC is very similar to exploit code, but it’s not always the same!

- Can I send you a vulnerability?

I love to have some 0-dayz as long as you do not exploit me! I like to see your methods and I will keep it secret if you want me to.

- Do you have any 0-day vulnerability which you don’t want to publish or share?

Everybody has some secrets in his/her life. I like responsible disclosure though. And, your question is not clear!

- Do you sell your vulnerabilities?

No. But, upon your request, I can find the vulnerabilities in your web application (you should be its owner) for this reason. Please send me an email for more information.

- Can I send you my web application for security testing?

Yes, but it cannot be free unless I can receive credit for it.

- Breaker or a builder?

It is more fun to be a breaker. I try to be constructive though.
