Collaborate Disseminate
I have a website with a client-side HTML contact form created manually (not as output of an HTML constructor like PHP):
<form action=”mailto:someone@example.com”>
Email Adress:<br>
<input type=”email” … Continue reading Is there a way to hide HTML source code yet keeping it effective?
I have a website on which users can select a file from their local machine, manipulate it and then save it.
The website is written entirely in JavaScript to ensure it’s purely client-side. Is the content of the file that the… Continue reading Using local files securely on website
With a client side java application that interacts with the server over http, is it possible to handle certificate pinning strictly at the network layer? Meaning, if the certificate is pinned on a load balancer that handles the connection … Continue reading Can certificate pinning be achieved strictly at the network layer?
We are developing an application, that is using client certificate needed for client authentication (HTTPS connection) when using a specific web service.
When a customer company has hundreds of computers, the IT admin has to … Continue reading Access client certificate stored on another computer
I am doing a security course and a module on client side attacks, which is why this post might seem evil or outdated.
I have a Java applet fetching a malicious jar file and trying to then download and execute a malicious binary on a Windo… Continue reading Java Applet AccessControlException
I am trying to analyze the possibility of accessing keystrokes from an iframe using a javascript running on the parent page. The potential attack which I am looking to verify is Cross Frame Scripting.
From the OWASP page, I read that the … Continue reading Can a javascript on parent page log keystrokes inside an iframe?
I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source.
The problem is… Continue reading How can I re-use my password and still protect the password if it is exposed from one source?
I have a website that runs on example.com. The website makes AJAX calls to my backend API which sits at api.example.com.
I employ a double-submit verification strategy.
The backend has protected endpoints which check the JWT token with … Continue reading Can I rely on the CSRF cookie to check if a user is authenticated on the client-side?
I am learning about cybersecurity and have read about client-side exploits. I know they are vulnerabilities/exploits and they target the client instead of a server. What are some examples of this and how do they work?
I want to make a static webpage, but secure it with a login.
In order to do this, I looked at this link. Basically, I want users to log in their Google account to be able to view the webpage.
But I don’t understand how th… Continue reading How client-side OAuth is secure?