Is this assuming your only guard is in the frontend? Y'all need to check your user on the backend
2026-05-16 23:03:50
188
Electricbike :
That’s why you never make admin endpoints on the front end.
2026-05-17 08:03:49
43
Justin☦︎☧ :
this is only for client side, and you will only see the page.
most also have api level security, so you will see a page with no data.
2026-05-21 06:33:29
18
Jim :
I’m concerned the AI generated sites will be more easily exploited here going forward
2026-05-18 21:45:09
10
Gale :
Yeah, no
2026-06-02 15:54:15
0
bohemian witch doctor :
You’re worried about 403? There’s also a 404
2026-05-17 07:17:23
46
Chainbers :
How? The backend checks the authenticated user’s role in the database, not a header?
2026-05-21 13:50:37
9
Arsenicx2 :
TIL we are still in 1998 😂
2026-05-18 21:00:28
38
Timi :
Ah yes, the legendary ‘X-Original-URL: /admin’ header… because apparently the firewall’s entire security strategy was just politely asking users not to type /admin directly 😭
2026-05-21 16:36:06
9
Test Test :
Brother, zoom in, change display scaling
2026-05-20 18:28:30
10
user9266615408377 :
It’s only an example training page, not a real site. This is not real and sites aren’t using this.
2026-05-21 12:41:23
1
anestissak.py :
the correct approach here would be to protect the endpoint with a token such as JWT and then in the backend check that the token is valid and that the authenticated user has the appropriate access rights, correct?
2026-05-21 10:01:34
5
Crotchety Old Man :
.... Sure... If there is no Auth on the endpoint and it's only based on page or ip authentication....doesn't work if you need user/pass/token validation
2026-05-17 14:00:34
12
Unga Bunga :
Literally no website does origin checks that are that limited
2026-05-17 14:42:05
21
Charlie :
I think that site is built worse than AI would do
2026-05-17 14:25:43
1
brycesteinhoff :
Lol no
2026-05-17 17:18:44
8
liquidsoul :
backend authorization stops this
2026-05-21 15:32:51
1
sami :
clearly no one here even remotely understands the full web stack
2026-05-22 16:33:42
3
alefaza2137 :
Yeah.. right.. maybe 20 years ago
2026-05-22 21:15:30
2
yazan4real :
that's a vibe coder client-side application lol
2026-05-22 02:09:32
2
dontlookatmynamety :
403 is usually for anti bot like cf or akamai, not for login
2026-05-22 21:04:27
0