Collaborate Disseminate
I’m building a Single-Page App (SPA) and a RESTful API. The API needs security – certain users can only make calls to certain endpoints. I have an external Identity Provider (IdP (Okta)) that I want the user to authenticate w… Continue reading OIDC Flow for SPA and RESTful API
I’m building a Single-Page App (SPA) and a RESTful API. The API needs security – certain users can only make calls to certain endpoints. I have an external Identity Provider (IdP (Okta)) that I want the user to authenticate w… Continue reading OIDC Flow for SPA and RESTful API
I have searched online about this topic and the only information I got is that TCP SYN/ACK can be used to know the type of the target OS. If that is true, I don’t understand how this occurs? Does TCP handshaking lead to OS fi… Continue reading OS fingerprinting via TCP
I am really confused between the following three terms:
Overt Channel.
Covert Channel.
Side-Channel.
I feel frustrated! I’ve been searching about them to find a clear explanation but I keep getting confused more. I REALLY… Continue reading Covert, Overt, and side channels
My goal is to isolate a computer on my home network. This computer (a rapsberry pi) should be considered untrusted and is accessible from the internet (port 22). I need a solution that will prevent this raspberry pi from accessing or inter… Continue reading Isolating Computer on Home Network Using Multiple Routers
I’m looking at some old classic ASP sites which could do with a bit of tightening up. The SQL server database connection string has the password in clear text within an include file on the server. Obviously this is nasty as anyone with acc… Continue reading Hiding database passwords for classic ASP connection strings
Looking at some old classic ASP sites which could do with a bit of tightening up. The SQL server database connection string has the password in clear text within an include file on the server. Obviously this is nasty as anyon… Continue reading Hiding database passwords for classic ASP connection strings
How serious hackers find them ? Because when I search, it seems that most of the downloads I come across may contain backdoor.
Is there some kind of “official” site for one good R.A.T.?
Thanks.
Continue reading Where to find safe downloads of R.A.T. like Dark Comet or Nj Rat? [on hold]
Imagine a generic web application with a login form to access the application. Regardless of how the actual authentication is performed, what are the implications of not checking the referer header to verify the submit reques… Continue reading What are the risk implications of not verifying referer header on login form?
In another question, Thomas’ answer mentioned the AES-NI instruction set, which piqued my curiosity.
Is there a tool or process available out there to check whether the instruction set is available (besides comparing CPU model numbers)?
… Continue reading Tool or Process to check for AES-NI support on processor?