Anonymous – WindowsTechs.com

does this cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 work with TLS 1.3?

Posted on August 20, 2025 by Anonymous

I am running a TLS server using java, when I configure the server with this cipher and TLS 1.3 , I am getting an error that cipher does not support tls 1.3.
On this website https://ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/… Continue reading does this cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 work with TLS 1.3?→

Which is better, configurable TLS version, or hardcoded TLS version?

Posted on August 6, 2025 by Anonymous

I am reviewing TLS configurations in my code, there are several places where there is TLS.
In these places, TLS version is hardcoded to TLSv1.2. I want to make sure that TLS 1.3 is also supported. To do so, which is better, to add tls 1.3 … Continue reading Which is better, configurable TLS version, or hardcoded TLS version?→

risk assessment vs threat modelling

Posted on May 20, 2025 by Anonymous

I want to have a definitive understanding of the terms risk assessment and threat modelling. I read different articles, but I still can’t grasp the difference.
How do I know which exercise I should do?
My objective is to review new feature… Continue reading risk assessment vs threat modelling→

what is the recommended xml secure configuration to prevent xxe

Posted on April 16, 2025 by Anonymous

I want to write down as a security requirements, the recommended security configurations that should be applied to any xml parser.
I checked the OWASP cheatsheet (https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Preventio… Continue reading what is the recommended xml secure configuration to prevent xxe→

what is the recommended xml secure configuration to prevent xxe

Posted on April 16, 2025 by Anonymous

is Subresource Integrity (SRI) Not Implemented considered a vulnerability [closed]

Posted on March 27, 2025 by Anonymous

Some DAST (Dynamic Application Security Testing) scanners report this as a vulnerability and they assign it a CVSS score.
Is it really considered a vulnerability? or it is a best practice?

Continue reading is Subresource Integrity (SRI) Not Implemented considered a vulnerability [closed]→

Web application contains a link to a non-existing domain, is this a vulnerability?

Posted on March 11, 2025 by Anonymous

I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application.
It says "The web application contains a link to a non-existing domain" and it’s marked with severity high. The domain is fonts.g… Continue reading Web application contains a link to a non-existing domain, is this a vulnerability?→

standard to identify security checklist for web application/apis

Posted on March 5, 2025 by Anonymous

I am looking for a standard to refer to in order to write a security checklist that could be followed to proactively implement security at design level.
I went through the OWASP ASVS, it mentions some recommendations, but they are generic…. Continue reading standard to identify security checklist for web application/apis→

could XXE vulnerability lead to an RCE

Posted on February 27, 2025 by Anonymous

I have identified an XXE vulnerability in an XML parser of an application that allows external entities.
I used the below crafted xml to do a get request on localhost on port 9090, and on the same machine where the XML parser runs, I start… Continue reading could XXE vulnerability lead to an RCE→

Web Server Generic Cookie Injection

Posted on February 24, 2025 by Anonymous

After running a Nessus scan, one of its plugins checks for cookie injection called "Web Server Generic Cookie Injection" (https://www.tenable.com/plugins/nessus/44135)
The scan shows that this issue exists on a site. It shows tha… Continue reading Web Server Generic Cookie Injection→