PWA: What, Why, and How?

Overview of Progressive Web Apps from Sam Dutton at Google Developer Days Europe
05 September 2017

Progressive Web App (PWA), in general, is a term used to denote web apps that use the latest web technologies. As such, this year's PWAs will be average web apps in a few years.

Specifically, though, Progressive Web Apps, also known as Installable Web Apps or Hybrid Web Apps, are regular web pages (or websites) that can appear to the user like traditional applications or (native) mobile applications. This new application type attempts to combine features offered by most modern browsers with the benefits of a mobile experience. This specific use of the term is the subject of this article.

Progressive Web Apps combine the best of the web and the best of apps. They load quickly, even on flaky networks, can re-engage with users by sending web push notifications, have an icon on the home screen, and load as top-level, full-screen experiences. In this video from Google Developer Days Europe 2017, Sam Dutton explains the what, why, and how of Progressive Web Apps, and works through code examples.

Third Party Apps Could Read Twitter Messaging

According to the company, no one used this vulnerability and the issue is now solved
18 December 2018

Until the beginning of December, third-party applications could access Twitter private messages. According to the company, no one took advantage of this vulnerability. Terence Eden, who found it, was paid almost $3,000 under the Bug Bounty program.

In 2013, keys to the Twitter API were leaked, so applications could access the interface bypassing the social network. To protect users, Twitter implemented an application authorization mechanism through predefined addresses (Callback URL), but it didn't suit everyone.

Applications that do not support Callback URLs could authenticate using PIN codes. With this authorization, a window pops up that lists which data the user is granting access to. The window did not request access to private messages, but in fact the application received it.

On December 6, Twitter reported that it had solved the problem. Judging by the company's statement on the HackerOne website, no one had time to take advantage of this vulnerability.

This is not the first social network security error related to the API. In September, Twitter discovered a bug in AAAPI (Account Activity API): the system sent a copy of the user's personal message to a random recipient.