Collaborate Disseminate
While searching for a way to convert an HTML table to .CSV file, I found there are 2 ways to generate files to download on the client side with JavaScript:
using data URLs
by generating the file on the client side and posti… Continue reading How to securely manage generating files on the client-side to download
I’m planning a tool that will allow users to publish collections of their writing for publish consumption.
Any modification of content or account settings will be done through a secure management / admin server foo.com.
Whe… Continue reading Potential risks of allowing custom javascript
I know what you’re thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, its vulnerable to attacks! Moses Hernandez is a Consulting Systems Engineer for Cisco Systems and an Instructor for pen testing courses at the SANS Institute. Continue reading Exploiting Client-Side Node.js with Moses Hernandez – Paul’s Security Weekly #516
Background: it is not difficult to introduce vulnerabilities in backend/API code when not coding with security in mind. This typically leads to vulnerabilities such as XSS or various injections (or others).
It is also possi… Continue reading What are the risks associated with a vulnerable javascript in a client context?
I want to provide a user with remote contact list (address book) that they can access and update from arbitrary clients on multiple devices. But I want to have zero knowledge of those contacts. Existing mechanisms (eg XMPP roster, CardDAV)… Continue reading How can I store user contacts (address book) with zero knowledge?
I have a question about open source, multi-user projects.
Let’s say that you have an open source project, you also have a server on the internet, you distribute clients to the users, these client softwares communicate with t… Continue reading Server security in open source projects
I have a question about open source, multi-user projects.
Let’s say that you have an open source project, you also have a server on the internet, you distribute clients to the users, these client softwares communicate with t… Continue reading Server security in open source projects
Introduction
I am currently trying to build up a networking layer for Unity from scratch. Currently I am testing the communication via UDP using Node.js for the server and the client. However I guess the language of the impl… Continue reading Client security using UDP
I have to take care of 200+ client machines (mainly Windows 8,8.1, 10) in an organization. There are many apps installed: web browsers, Java, Flash & many more.
Are there any tools/techniques to check which machines have … Continue reading How to determine if software on many client machines is up to date?
I have to take care of 200+ client machines (mainly Windows 8,8.1, 10) in an organization. There are many apps installed: web browsers, Java, Flash & many more.
Are there any tools/techniques to check which machines have … Continue reading How to determine if software on many client machines is up to date?