Question about vulnerable VPN
I had a question about how an attacker can exploit a VPN server (OpenVPN) to create a DoS attack on a client’s network?
As a simple example, let’s assume that I have implemented a key-value lookup within a pre-populated, static JavaScript dictionary. Let’s say that the dict is:
a = { 'one': 'uno', 'two': 'dos' };
The dict is accessed with
I’m currently building an Android application that utilises some Google APIs. I have also created a back-end using Flask, to which my Android application makes calls.
One main problem I encountered was getting the user to… Continue reading Google’s recommendation of server-side authentication over client-side
I’d like to know in general which of the two types of security is the best in all aspects that may refer to security (we can use these as the general aspects for security: integrity, availability, authenticity and integrity).
I’m working on a web application in HTML5 using a service worker and one of the requirements is to work offline.
In order to achieve offline functionality we are storing all the application data required in IndexedDB. The i… Continue reading Offline sensitive data storage
Important to know
Will not be passing the DEK from client to the server
The DEK will be used to encrypt all the data being placed within a GitHub repository, it is possible that cipher-text will be available publicly because of the use o… Continue reading Generate DEK from password using hashing on client-side
I will create a certificate. This certificate will be installed on the customer’s system. When accessing the website xxx.xom, PHP checks whether the certificate is valid. If so, the user gets access to the website. If the cer… Continue reading How can I allow only authorized users to access a website using any certificate and how to implement in PHP?
I’ve got a novice question –
It is often said that you should not store plaintext passwords in a client-side cookie. (I’m imagining a web browser cookie, but I supposed this applies in general.) But in simple web apps we often store a plai… Continue reading Why not store password in cookie?
The question is about TLS client authentication using a browser. I have been using a smart card to authenticate to certain web sites. However, the card is a bit old and for whatever reason importing certificates does not work… Continue reading Using client certificate from a file and a key pair from a hardware token
Given a website which doesn’t use any protection specifically against Clickjacking (no X-Frame-Options or CSP), but which does access an attribute of top in essential JavaScript code, eg:
// http://localhost/jack.html
<sc… Continue reading Clickjacking when essential JavaScript code accesses attribute of ‘top’?