Collaborate Disseminate
For a new project I am looking for open source tools to make the CI/CD chain more secure. So I am looking for open source tools in order to perform:
static code analysis
dynamic testing (for the API)
secrets discovery
vulnerabilities scan… Continue reading Open source tools for security controls in CI/CD pipeline [closed]
As I have been reading about the Android Keychain API, I have been particularly concerned about whether or not Android provides a way to restrict the keys installed as part of Keychain API to certain trusted apps only. For instance, can Yo… Continue reading Android Keychain: How to restrict the system-wide credentials based on the app developer or manufacturer only?
I have taken a liking to creating secure applications for commercial use in the future. I have the skeletons of an application ready.
How can I verify that my application is secure to an acceptable level? I need some experts to have a look… Continue reading Verify self-programmed, data sensitive applications
We have a Web API which uses the REST semantics and is protected using the Azure’s Application Gateway using a Web Application Firewall. The Web App consuming this API can send in any type of data in a JSON format but what is happening is … Continue reading What would be the best way to mitigate Azure Application Gateway WAF False Positive?
While implementing CSP, there are two options.
Implement CSP in the HTTP response header
Implement CSP using a meta tag <meta http-equiv="Content-Security-Policy" content="default-src ‘self’">
Out of the above t… Continue reading Which CSP implementation is more secure?
This is conceptual I know so let me know if there’s a better place to ask this. I’m wondering how people can view a piece of code in a repo they aren’t familiar with, or simply didn’t write, and connect it to specific user-input point like… Continue reading How do you connect a piece of code in a repo to an actual user-input point in an app?
This is conceptual I know so let me know if there’s a better place to ask this. I’m wondering how people can view a piece of code in a repo they aren’t familiar with, or simply didn’t write, and connect it to specific user-input point like… Continue reading How do you connect a piece of code in a repo to an actual user-input point in an app?
While calculating the CVSS score using CVSS3.1, attack vectors are classified into four.
Network – Remote attack
Adjacent – Should share the same Physical or Logical network of victim
Physical – Physical access to device or component
We recently added a new Software Component Analysis tool (dependencytrack) to our infrastructure, which allows us to gain visibility on which dependencies are pulled by the code of our web apps.
How could we take advantage of this new ligh… Continue reading How to take advantage of a new security tool (SCA) added to company?
We recently added a new Software Component Analysis tool (dependencytrack) to our infrastructure, which allows us to gain visibility on which dependencies are pulled by the code of our web apps.
How could we take advantage of this new ligh… Continue reading How to take advantage of a new security tool (SCA) added to company?