Collaborate Disseminate
If there are admin consoles on the internal network and TLS has been disabled what is the use case for enabling it?
The only use case I can think of is when you have untrusted users on the network who could potentially use pack sniffers t… Continue reading What is the use case for using TLS on an internal network?
We have a tier 1 and tier 2 firewall
What are the use case to host services on tier 2 firewall? e.g. is connection from field enineers/remote workers one of those?
What security risks and controls should i be considering for tier 2 servic… Continue reading What are the use case to host services on tier 2 firewall?
I have an app which connects to an API. The API TLS certificate is about to expire and we are using Public key Pinning.
How do I rotate the certs without disabling access to our users?
When rotating certs; can I change the private key w… Continue reading Rotating TLS Certs used with Public key Pinning
This is probably a massive noob question, but Google results aren’t being helpful and I couldn’t find something specific here.
I made this server that just hosts IRC, HTTP and SSH for some friends. I have done this sort of thing before, a… Continue reading How did the brute-forcers get my IP address so quickly?
I am setting up AWS SFTP which uses s3 to store files. I am setting up sftp to exchange files with third party organisations. When i receive files i want to ensure no malicious content is received. How do i scan objects that arrive into my… Continue reading How do i scan my AWS S3 buckets for malicious content/objects?
I have a website and i want to consume public API from third party services such as Zoopla, weather etc.
I want to ensure i do not consume malicious code/malware from the data retrieved from the 3rd party services.
What ar… Continue reading Security considerations of consuming public API
This question already has an answer here:
I have a mobile app that queries various 3rd party API/sites (these are https links). I have a concern that SSL proxies (e.g. Charles) can be used to intercept the traffic – man in the middle.
Are there any instances that charles would not ables to read the traffic?
It seems crazy to me that something basic like SSL proxy can undermine a well used technology – TLS.
What are my options to mitigate against a SSL proxy decrypting the traffic and possibly seeing sensitive information?
Would Public key pinning be a possible mitigation ? Anything else?
I have an EC2 instance with an Windows OS with anti virus installed.
I have a requirement to attach a file share to the OS where the application is hosted. The file share is Amazon Fsx ( Amazon’s native windows file system)… Continue reading Can I rely on Operating System (OS) Anti Virus (AV) scanning to scan files shares?