Collaborate Disseminate
Our business is in the payment processing space and one of our core products is a Payment Gateway API. In terms of security we issue an API Key, Signature and RSA Encryption for sensitive information in the payload all over SSL. Customers … Continue reading What is the best way to validate third-party domains calling an API?
Another posted the exact same question and it was dismissed saying PayPal would never do such a thing.
Well, I was adding a bank acct yesterday to transfer funds and PayPal popped up a username and password login for my bank.
Why?
Continue reading Why is PayPal asking for my bank password? [duplicate]
I noticed, that the direct download link to the whole list as an archive has vanished from the page at https://haveibeenpwned.com/Passwords .
It now refers to the PwnedPasswordsDownloader git-repo which offers a Windows dotNet Tool. But I … Continue reading How to get the pwned password list under Linux in the aera of ‘PwnedPasswordsDownloader’? [closed]
I am trying to connect to a server using SFTP protocol
To connect successfully, I had to do the following from the centos terminal.
sftp -o KexAlgorithms=diffie-hellman-group1-sha1 -o Ciphers=aes256-cbc USER_NAME@IP_ADDRESS
Now I want to … Continue reading Curl how to specify KexAlgorithms and Cipher [migrated]
I have an executable, and I have the SSL certificates and keys necessary to establish the secure connection. The application performs self-updating by downloading and replacing itself with an updated executable. What is the proper way to d… Continue reading How do I ship my SSL keys with my application?
I have a program that captures packets on my kali virtual machine and stores them in a queue table by the commands:
iptables -I INPUT -j NFQUEUE –queue-num 0
iptables -I OUTPUT -j NFQUEUE –queue-num 0
So the queue number is 0, and here … Continue reading Using netfilterqueue I can’t ping correctly when modifying a packet and sending it with scapy? [migrated]
We currently have a web application running on a dedicated server with a domain.
Our informational website is also running on same server under same domain name.
Currently when clients want to access the web applications, they just go to o… Continue reading Running web application on separate server [closed]
A new client wants to conduct KYC checks on users on a basic level, meaning they will need to submit their ID card (Hong Kong) and proof of address. The client will simply check the documents manually before verifying the user.
I’m not ent… Continue reading Is there a service for storing sensitive user identity documents? [closed]
I was reading the BitWarden Security Whitepaper (BitWarden is an open source, zero-knowledge password manager that performs encryption/decryption on the client side) and came across the following statement:
A Master Password hash is also … Continue reading Security implications of using a plaintext master password as the salt for PBKDF2 in a zero-knowledge system
My web app stores personal data about the user, but on the user’s phone only (HTML5 Local Storage). The data is never touched by any server or database. I can’t see the data. My server can’t see the data. I do not store it anywhere outside… Continue reading Does GDPR apply if my web app stores personal data on the user’s phone only? [migrated]