Collaborate Disseminate
OWASP states:
Non-public REST services must perform access control at each API
endpoint. Web services in monolithic applications implement this by
means of user authentication, authorisation logic and session
management. This has several … Continue reading Access Control for REST APIs – OWASP recommendation
I have a map (openlayers) which is integrated in a website made on wordpress. So, the wordpress has almost nothing to do with the map. The map is only included in an article.
The wordpress site is on www.example.com. The map is on mymap.ex… Continue reading Is my website vulnerable if I use Access-Control-Allow-Origin * for a section?
I was given a laptop by my company. I reinstalled everything and now I occasionally open Whatsapp web in the background to reply to messages. Most of the times my laptop is connected to the Company’s Wifi. I wanted to know if they can see … Continue reading Can my company track my laptop if I’ve reinstalled the operating system?
Few organizations would purposefully hand a huge responsibility to a junior staff member before letting them fly solo on their own personal projects, but that’s effectively what happens inside too many corporate networks: organizations delegate specifi… Continue reading Shedding light on the threat posed by shadow admins
Is it safe to refresh your access token using your access token (assuming of course it is still valid)?
And, if not, what makes a refresh token that much more special that it is safe to be used as a means of refreshing access tokens?
… Continue reading Refreshing access token using access token
We can implement MAC (Mandatory Access Control) and DAC (Discretionary Access Control) together and they can complement each other. My understanding is when MAC is there it overrides everything. Can anyone help me understand how they can w… Continue reading Use case where MAC and DAC complement each other
Is there any way to remote access to the laptop without internet? I have ISL online software but for that laptop must have on and have an internet connection. Is there any way to connect it without internet connection?
Consider the following Linux system:
root account is disabled (passwd -l root, passwd -d root),
there is an account ‘admin’, with sudo rights,
there is an account ‘webservice’, with limited privileges, and no sudo rights,
su is disabled v… Continue reading Prevent a remote privilege escalation when the root/admin password is known
So I know what is mandatory access control, however I don’t see how it helps. Often it seems to be said that if you have something like SELinux or Apparmor enabled you are magically more secure. And with this, the permissions of something … Continue reading How is MAC useful?
The onset of COVID-19 and resulting distributed workforce have introduced new and complex challenges for businesses, with 45% of IT decision-makers reporting increased pressure from the board around the security of their organization. These findings hi… Continue reading A great deal of employees have inappropriate access to sensitive data