From Website to Progressive Web App

Ewa Gaperowicz talks about implementation of PWA at Google Developers Day Europe 2017
05 September 2017   1677

Progressive Web App (PWA), in general, is a term used to denote web apps that use the latest web technologies. As such, this year’s PWAs will be average web apps in a few years.

Specifically, though, Progressive Web Apps, also known as Installable Web Apps or Hybrid Web Apps, are regular web pages (or websites) but can appear to the user like traditional applications or (native) mobile applications. This new application type attempts to combine features offered by most modern browsers with the benefits of mobile experience. This specific use of the term is the subject of this article.

Another fresh and hot video from Google Developers Day Europe 2017. In this video, you'll learn where to start with Progressive Web Apps, what to implement, and how to prioritize PWA techniques. You'll also learn how to make the most of 'low hanging fruit' and take advantage of small changes that can have a big impact.

Learn more about PWA:

Third Party Apps Could Read Twitter Messaging

According to the company, no one used this vulnerability and the issues is now solved
18 December 2018   665

Until the beginning of December, third-party applications could access Twitter private messages. According to the company, no one took advantage of this vulnerability. Terence Eden, who found it, was paid almost $ 3,000 under the Bug Bounty program.

In 2013, there was a leak of keys to the Twitter API - so applications could access the interface bypassing the social network. To protect users, Twitter implemented an application authorization mechanism through predefined addresses (Callback URL), but it didn’t suit everyone.

Applications that do not support Callback URLs could authenticate using PIN codes. With this authorization, a window pops up that lists which data the user opens to access. The window did not request access to private messages, but in fact the application received it.

On December 6, Twitter reported that it had solved the problem. Judging by the statement of the company on the HackerOne website, no one had time to take advantage of this vulnerability.

This is not the first social network security error related to the API. In September, Twitter discovered a bug in AAAPI (Account Activity API): the system sent a copy of the user's personal message to a random recipient.