Collaborate Disseminate
Background:
There are a lot of self-hosted web applications these days, and often, more than one for the same purpose. In my case I am looking for a replacement for GitHub or other big tech/cloud git platforms. But I am stack at: security…. Continue reading Evaluating Self-Hosted Web Applications
My requirement is to implement auto-login URLs for one-click authentication. We will generate an URL with a login token (e.g. https://my-company.com/autologin?token=${autoLoginToken}), which will act as a credential in our authentication.
… Continue reading Usage of OTPs in combination with long-lived auto login URLs
I’m reading Alice and Bob Learn Application Security and I came across this sentence:
To protect highly sensitive data, it is recommended that you flush
the memory when your program exits, logs out, or is otherwise ended.
Considering a w… Continue reading Flush the memory when the application is ended
From personal experience many mobile apps that I’ve tested don’t actively detect and discourage (with a warning) or even block the app from running on/in:
a rooted/jailbroken Android/iOS device
emulated environment
an end-of-life iOS or e… Continue reading Should mobile app developers actively prevent apps from running on outdated devices/rooted devices/emulators for security purposes?
I read the network+ and basic linux , a little java script(i reading), html, python
But whenever I read vulnerability
I dont understand
I dont know where to work on vulnerabilities, what tools to work with, or I dont know which vulnerabili… Continue reading i need help in the web application
Is it possible to edit and alter the capabilities of an app downloaded from an app store? For instance, could someone download Zoom and then manipulate it and change its functionality to be able to perform extraordinary tasks, such as read… Continue reading Is it possible to alter an established application’s functionality? [closed]
I’m playing with ModSecurity and need help. I’m trying to add a condition in the conf file where if there is specific header in the request then the SecRuleEngine should be On else it should be DetectionOnly. I tried the below condition in… Continue reading ModSecurity Condition Based Block Mode?
There are plenty of scammers trying to get access to my bank account. Usually they call me claiming they are from my bank’s fraud department, and try to convince my that there is a problem with my bank account and to protect my money I sho… Continue reading Bank scammer and banking app
May I have some guidance for a project I am working on?
These are the requirements:
A Dataset needs to be submitted in a .csv format, delimited by ‘|’
The Dataset needs to be submitted periodically (once per month)
There are ID columns in… Continue reading Assure Deterministic Hashing/Encryption Process can be Replicated if Rebuilt
I’ve recently been made aware that this paid for app can store pictures to internal storage when received without even being read. Have I been mislead?
Does this pose a security threat and if so, to what degree?