Someone, somewhere, is trying to break into your app


Mattias Geniar, April 21, 2020


It’s good to be reminded that the internet is, in fact, a pretty hostile place.

At any point in time, it’s safe to assume that someone is trying to gain access to your application in ways you did not intend. Their goal might be to test your security, to steal your database content, or just to have the fun of watching your app burn.

For Oh Dear, the uptime monitoring we’re building, we are using an error and exception tracker called Flare.

This morning, I saw this e-mail come in.

Flare App: XSS detected

That’s cute: someone is trying to determine whether we escape output correctly by submitting malicious input. If this had worked, it could have allowed JavaScript execution on pages where we did not intend it (like perhaps our status pages).

While it isn’t the goal of Flare to provide security alerts, it’s a nice side effect of monitoring for exceptions and errors.

So my question to any reader here: if someone did this in your application, would you know and be notified?
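
One way to answer that question for your own application, as an added example that is not from the original post and does not describe how Flare works: a Python scan over access-log lines that flags query parameters whose decoded values look like markup probes. The log format, the sample lines and the names `find_probes` and `render_alert` are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (hypothetical format, not from the post).
SAMPLE_LOG = [
    '203.0.113.7 "GET /status?site=example.com HTTP/1.1" 200',
    '203.0.113.9 "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200',
    '198.51.100.4 "GET /status?name=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 500',
    '198.51.100.8 "GET /docs?page=2&sort=a%3Cb HTTP/1.1" 200',
]

# Heuristic markers of markup being pushed through a parameter:
# an opening/closing tag of interest, an inline event handler, or a javascript: URL.
PROBE = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body)\b|\bon\w+\s*=|javascript:", re.I
)
REQUEST = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')


def find_probes(lines):
    """Return one finding per parameter whose decoded value looks like an XSS probe."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded probes are matched too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if PROBE.search(value):
                findings.append({"ip": ip, "path": url.path, "param": name,
                                 "value": value, "status": int(status)})
    return findings


def render_alert(finding):
    """Format a notification; the value is escaped so the alert is inert as HTML."""
    return (f"XSS probe from {finding['ip']} on {finding['path']} "
            f"({finding['param']}): {html.escape(finding['value'])}")


if __name__ == "__main__":
    for f in find_probes(SAMPLE_LOG):
        print(render_alert(f))
```

The pattern is a heuristic for noticing probes, not a filter to rely on for safety; correct output escaping remains the actual defence.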


