FAQs
- Can I use your websites materials such as your notes, articles, and so on please?
If you would like to use my blog materials (such as documents, articles, ideas, and so on) , please write my name “Soroush Dalili” and my website address “soroush.secproject.com” clearly on it.
So, please do not forget to put my link and my full name clearly visible under or on top of my materials.
- Why do you use WordPress? Is it the most secure web application?
I do not think that WordPress is completely secure. However, it has a good support team who always support it.
- Why do you want to publish the vulnerabilities?
Because it can show that I am an update security researcher.
- When do you publish a vulnerability as an advisory?
Well, it depends on the vulnerability. If the impact is high, I will post it to the vendor first and 1 week after the hotfix I will publish it.
- Do you want to publish the exploit as well?
I might submit the proof of concept (PoC ) with my advisory. Sometimes PoC is very similar to the exploit, but it’s not the same always!
- Can I send you a vulnerability?
Please send it for www.securityfocus.com instead.
- Do you have any 0-day vulnerability which you don’t want to publish or share?
Everyone has some secrets in his/her life. And, your question is not clear!
- Do you sell your vulnerabilities?
No. But, upon your request, I can find your web application (you should be its owner) vulnerabilities for this reason.
- Can I send you my web application for the security testing?
Yes, but it cannot be free.
- Can I send you a target for penetration testing?
I accept only the legal and ethical penetration testing. Moreover, I can join your penetration testing group if you have an ethical security group.
- Could you develop a web application for me?
Unfortunately I have no time to do that now, however, I can train your developers to code more secure web applications.
