Collaborate Disseminate
As one can see on the screenshot below, connecting to the company VPN via FortiClient issues a X509 verify certificate failed.
I have informed the CIO who is the security person as well but it is not a priority for him. I can understand to… Continue reading Connecting to company VPN issues a failed certificate verification
I am a hobby developer and am developing an application with a Node JS / Express backend and a React frontend.
I am currently learning about Cross Site Request Forgery (CSRF), and I want to make sure that I understand it right.
As a victim… Continue reading Is my understanding of CSRF, SOP and CORS correct (Express / React)?
I am using Oauth1 to connect to NetSuite Restlet API for multiple customers.
To do so I make use of these values to authenticate and sign the request
API URL (unique per customer)
Realm (unique per customer)
ConsumerToken (64 char hexade… Continue reading OAuth1 tokens: Is consumerToken and ConsumerSecret considered a secret value
I was loading my sites front end and watching the responses in burpsuite when I noticed a response which contained a very verbose sql error
"message": "SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid inpu… Continue reading SQL Injection detected
I’m working for a client who has built a Medical product that is built on top of Windows 10. The application logs have to be manually extracted via USB, however the client only wants specific, preauthorized USBs to be allowed to attach.
Is… Continue reading Only allow approved USB devices to connect to device
Is there an application to create an archive (e.g. 7z, zip, rar, etc) that can be accessed with multiple valid passwords?
For example the password protected archive "example.7z" can be extracted using either "Passw0rd",… Continue reading Application to archive a file with multiple passwords [duplicate]
My question is : Is this approach correct given I have a non-Oauth service? My goal is to use the simplest amount of security features while still being as strong as possible.
My approach is as follows and I am asking for feedback on wheth… Continue reading I have a non-Oauth service and am using this approach with Server initiated HttpOnly cookies with stripped JWT
RODCs can be deployed in locations where physical security cannot be guaranteed, to improve the security. This is the primary use case where a RODC should be deployed.
An other scenario would be to deploy a RODC in an insecure network segm… Continue reading Read-Only Domain Controller (RODC) in Insecure Networks – Security Benefits
Anyone know of a VPN client that can authenticate with the user’s Google account?
I’m hoping for a Windows VPN client that normal users can easily connect to the VPN with only their Google account (SAML). The idea here is to have the user … Continue reading VPN client for Windows that authenticates with Google SAML [migrated]
I understand that SYN flood is effective due to how protocol works, waiting around 75 seconds before closing the connection.
What about ACK flood, what does it happen on the destination side that makes this attack effective (hypothetically… Continue reading Why ACK flood is effective?