Collaborate Disseminate
There are requests in my web application that contain “personal data” (name, postal code, phone number, date of birth etc). I would like to know what caching controls are advisable. I am using HTTPS.
This question Best pract… Continue reading Caching personal data: GDPR
I am testing web application where some requests returns private data, which shouldn’t be save in cache. Response contains headers:
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
I found he… Continue reading Recommended caching headers
I have been reading about cache side channel attacks and the “Flush+Reload” method came up a decent amount. Before putting forth my question, this is what I understand about the Flush+reload technique.
I understand that if two users (Ali… Continue reading Side channel attack with flush+reload
Observing the time needed by a browser to load external resources such as images potentially discloses information about whether those resources have been accessed before.
Explanation:
For example, by embedding the StackOverflow logo wit… Continue reading Browser cache information disclosure
I’m getting more and more interested in cache side-channel atttacks, but while for stack/heap vulnerabilities you can better understand the problem via inspecting memory using a debugger I can’t find a corresponding tool for … Continue reading How can I read the content of CPU caches?
I have a angular service call to webapi , if webapi is got down , have to load the data from cache and the cache is expire after 20 minutes.
Which is better way to store the data?
LocalStorage – store upto 5 MB and lifetim… Continue reading Best Mechanism(Way) to Cache the data across application in client side app
I’ve been reading up on RAM Disks and their roles in various uses. The role one no one talks much about is password cracking.
I pulled the below quote from here
“It’s also important to know that hard drives (the magnetic, ro… Continue reading Does a RAM Disk Actually Help When Password Cracking a Small Hash
An interface (website/application) that requires authentication should have a proper HTTP caching mechanism. When it doesn’t, it allows an attacker to browse back after logout or read the cache in another way.
In order to do so, the serve… Continue reading What is the proper terminology and base CVSS score for the following cache related behaviour?
During security tests/assessments it is often said that you need to set the cache-control to no-cache (and some other things). But as I was looking at this I found that POST requests are not cached (which makes sense) by defa… Continue reading POST request no-cache header
This method which I am talking about can improve caching of images, videos, and CSS by the ISP rather than just depending on the browser cache. And it also proves the validity of the sender. Is there any reason why this semi-HTTPs not cons… Continue reading Why do we need HTTPS for static content? If we can have a checksum at the end signed by the private key, won’t that prove the validity?