FAQs

– Can I use your websites materials such as your notes, articles, and so on please?

Yes, sure, I’m writing for this reason. But I have a request: if you would like to use my blog materials (such as documents, articles, ideas, and so on) , please write my name “Soroush Dalili” and my website address “soroush.secproject.com” clearly on it.

– Why do you use WordPress? Is it the most secure web application?

I do not think that WordPress is completely secure. However, it has an awesome team who cares about it and constantly supports it.

– Why do you want to publish the vulnerabilities?

I like to share my knowledge with the security researchers and the developers, and I also want to show off my skills too!?!!

– When do you publish a vulnerability as an advisory? Do you release them as 0-dayz?

Well, it depends on the vulnerability. If the impact is high, I will post it to the vendor first and usually a week after the hotfix I will publish it.

– Do you also publish the exploits?

I might submit a proof of concept (PoC ) with an advisory but not an exploit that can harm others. Sometimes a PoC is very similar to an exploit code, but it’s not the same always!

– Can I send you a vulnerability?

I love to have some 0-dayz as long as you do not exploit me! I like to see your methods and I will keep it secret if you want me to.

– Do you have any 0-day vulnerability which you don’t want to publish or share?

Everybody has some secrets in his/her life. I like responsible disclosure though. And, your question is not clear!

– Do you sell your vulnerabilities?

No. But, upon your request, I can find your web application (you should be its owner) vulnerabilities for this reason. Please send me an email for more information.

– Can I send you my web application for the security testing?

Yes, but it cannot be free unless I can receive credit for it.

– Breaker or a builder?

It is more fun to be a breaker. I try to be constructive though.

Leave a Reply

Your email address will not be published. Required fields are marked *