appsec – Page 3 – WindowsTechs.com

Do code signing certificates build reputation only for Microsoft, and is reputation maintained across releases?

Posted on October 27, 2023 by ron

I have a Windows executable file that has been code signed with a certificate from a Certificate Authority. The CA is listed in the official Microsoft Trusted Root Program list of participants. The level of my cert is Open Source, which is… Continue reading Do code signing certificates build reputation only for Microsoft, and is reputation maintained across releases?→

Standards for Secure Products

Posted on October 16, 2023 by Nesuma

I am interested in standardizations for secure design and development of products, especially towards operational technology / IoT / ICS. My understanding of information security management systems via the ISO 27XXX and country-specific st… Continue reading Standards for Secure Products→

Learning Desktop Application Security

Posted on October 10, 2023 by Frixos Kallenos

I am familiar with web security but I would like to know more about non-web application security.
I know about memory corruption vulnerabilities like buffer overflow and buffer overread and how serious they are. But how about Java/C# or si… Continue reading Learning Desktop Application Security→

CSP script-scr blob

Posted on September 6, 2023 by Giuseppe Canto

What are the risks to allow a "blob:" directive to the script-src CSP? Is it safe?
I have a list of allowed domains defined in script-src, but nonetheless I got an error specifying the violation of the CSP directive when trying t… Continue reading CSP script-scr blob→

Is Message Layer Security the state of art protocol for group encryption? [migrated]

Posted on August 4, 2023 by Genie

I’m trying to read about Diffie Hellman (One to One) kind of protocols for group communication. Is Message Layer Security the state of art protocol for group encryption (not necessarily chat or application layer)? I found Tree Based Group … Continue reading Is Message Layer Security the state of art protocol for group encryption? [migrated]→

Nokod Snags $8M to Secure Low Code/No-Code Custom Apps

Posted on June 29, 2023 by Ryan Naraine

Tel Aviv startup scores investment to build technology to secure in-house low-code/no-code custom applications.
The post Nokod Snags $8M to Secure Low Code/No-Code Custom Apps appeared first on SecurityWeek.
Continue reading Nokod Snags $8M to Secure Low Code/No-Code Custom Apps→

Burp DOM-based Open Redirect

Posted on June 10, 2023 by TSFH

When I sent a request such as:
GET /500.aspx?aspxerrorpath=/error.aspx HTTP/1.1
Host: test.com

Burp reports "The application may be vulnerable to DOM-based open redirection:
Data is read from document.location.pathname and passed to … Continue reading Burp DOM-based Open Redirect→

I have a CTF challenge for an Android app, How I extract the flag [closed]

Posted on May 28, 2023 by mahmoud khalifa

public native boolean aaa(String str, AssetManager assetManager);

static {
System.loadLibrary("app");
}

/* access modifiers changed from: protected */
public void onCreate(Bundle savedInstanceState) {
super.onCreate(sav… Continue reading I have a CTF challenge for an Android app, How I extract the flag [closed]→

Strategy for storing private keys used in an embedded device

Posted on May 15, 2023 by user2563661

I am developing an embedded device using a bootloader. This means that the device will store in its flash an encryption key for decrypting update packages and an ECC public key for verifying update signatures. For this, the process needs t… Continue reading Strategy for storing private keys used in an embedded device→

SPATH with JSON in splunk [migrated]

Posted on May 15, 2023 by jcooper

I have a record in splunk that contains some data that I need to act on.
I have a record the looks like this
{ [-]
…
stages: [ [-]
…
{ [+]
}
…
{
name:Build and publish
children [
{ [-]
arguments: set… Continue reading SPATH with JSON in splunk [migrated]→