Content about Security
93 posts in total
Page 6 of 7
Time to clean up your social logins
As the end of the year closes in, there is no shortage of tips on how to get your home ready for the festive season. We think you should take a time out and consider which applications should still have access to your social accounts.
Security in containers and orchestrations
Containers are currently the best way to build software for platform independence, and an orchestration service manages them, but what about their security?
Secure password storage - for users
Having unique passwords for every site and service presents us with the problem of remembering, or rather storing, our passwords in a safe but practical manner. How do we cope with hundreds of passwords?
Security headers
How the browser and the webserver can join forces to protect both the user and the webserver: Enter security headers!
Content Security Policy
Use Content Security Policy (CSP) headers to prevent loading of untrusted resources and mitigate cross-site scripting (XSS) attacks.
Cross Site Scripting (XSS)
At the beginning, web pages were very static. They were written in HTML, and the web browser had one job: to render the HTML into a page filled with text, images and links. After a few years, developers wanted more, and JavaScript was introduced. Together with JavaScript came a new breed of vulnerabilities, where attackers could exploit the possibility of running code in browsers. This was called Cross Site Scripting, or XSS.
Predictable HTTP-responses
If your API has sensitive endpoints which return different HTTP responses depending on whether a user performed action A or B, then this difference alone is enough to infer user information which can be exploited. Learning from Tinder, let's investigate why non-deterministic HTTP responses are important and try to make our most business-critical API endpoints more secure.
Cross Origin Resource Sharing
Cross Origin Resource Sharing (CORS) is an important concept in modern web application security. We will try to explain what it is.
OWASP ZAP
Do you want to try more hands-on security testing, but you're not quite sure where to begin? Keep on reading!
Revoking of certificates
Managing certificates, and rotating them in due time, can quickly get out of hand.
Injections
Did you know that an attacker could inject code into your application, which could retrieve data or do something else that you did not anticipate?
Error messages and information leakage
Did you know that your application may be giving valuable clues to an attacker if an error occurs?
Two-factor authentication
You have been told that two-factor authentication is important, but why, and what is it really?
Forgot password - your chance to shine, or fail
Make an effort on user experience and security awareness when implementing "Forgot password", and avoid exposing sensitive user information.
Cross Site Request Forgery
Have you ever wondered how someone could steal money from your bank account while you browse certain sites, or post as you on Facebook? That is called Cross Site Request Forgery (CSRF), and we will try to explain what it is, and how you protect your website and users against it.