Collaborate Disseminate
BinaryFormatter has been removed from C# due to security concerns. In the migration guide it is written:
"Any deserializer, binary or text, that allows its input to carry information about the objects to be created is a security probl… Continue reading What is the problem with Deserialization?
One can’t secure what they don’t have visibility on. Over the years, we’ve had hundreds of new APIs developed but there is no central place to look at all the endpoints. I am trying to gain visibility on all APIs (including their body/para… Continue reading Gaining visibility on APIs used in an organisation
I have a theoretical question regarding the comparison of password-based encryption and password hashing. Not sure if Stackoverflow or crypto is the best place, but this is more on the side of programming and API/database/application secur… Continue reading Is password-based encryption better than traditional password hashing?
Context:
To briefly describe our system, we are preparing a cryptocurrency exchange platform similar to Binance or Bybit. All requests are handled through APIs. We have an External API Gateway that receives and routes client requests as th… Continue reading What Is the Best Validation Logic for an Internal API Gateway in Trading Systems?
Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform.
The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.
Continue reading Oligo Raises $50M to Tackle Application Detection and Response
Background:
There are a lot of self-hosted web applications these days, and often, more than one for the same purpose. In my case I am looking for a replacement for GitHub or other big tech/cloud git platforms. But I am stack at: security…. Continue reading Evaluating Self-Hosted Web Applications
My requirement is to implement auto-login URLs for one-click authentication. We will generate an URL with a login token (e.g. https://my-company.com/autologin?token=${autoLoginToken}), which will act as a credential in our authentication.
… Continue reading Usage of OTPs in combination with long-lived auto login URLs
I’m reading Alice and Bob Learn Application Security and I came across this sentence:
To protect highly sensitive data, it is recommended that you flush
the memory when your program exits, logs out, or is otherwise ended.
Considering a w… Continue reading Flush the memory when the application is ended
From personal experience many mobile apps that I’ve tested don’t actively detect and discourage (with a warning) or even block the app from running on/in:
a rooted/jailbroken Android/iOS device
emulated environment
an end-of-life iOS or e… Continue reading Should mobile app developers actively prevent apps from running on outdated devices/rooted devices/emulators for security purposes?
I read the network+ and basic linux , a little java script(i reading), html, python
But whenever I read vulnerability
I dont understand
I dont know where to work on vulnerabilities, what tools to work with, or I dont know which vulnerabili… Continue reading i need help in the web application