Alexis Wilke – Page 2 – WindowsTechs.com

Is there a way to know that a cookie is "HTTP Only" on the first user request?

Posted on August 5, 2018 by Alexis Wilke

As I was reading the session fixation article on OWASP, I was thinking that the only way for my server to refuse a cookie set by a rogue script would be for my server to know that the browser sent a request without the HTTP-O… Continue reading Is there a way to know that a cookie is "HTTP Only" on the first user request?→

How long should the OAuth2 requirement to delete Access and Refresh Tokens for code reuse last for?

Posted on August 25, 2017 by Alexis Wilke

In OAuth2 reference, section 4.1.2, we have this paragraph about the code token:

code
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it… Continue reading How long should the OAuth2 requirement to delete Access and Refresh Tokens for code reuse last for?→

Blocking slowloris using fail2ban, what are the correct parameters?

Posted on April 7, 2017 by Alexis Wilke

I have a fail2ban rule for Apache2 logs that which looks like this:

[Definition]
failregex = ^[^ ]+ <HOST> .* \[\] “[^\”]*” 408 \d+

This will detect the 408 errors which happen when a TCP connection times out.

The f… Continue reading Blocking slowloris using fail2ban, what are the correct parameters?→