Collaborate Disseminate
Tripwire’s Brent Holder and Stephen Wood discuss recent study findings that provide a snapshot of what organizations are doing (and not doing) to secure their cloud. Spotify: https://open.spotify.com/episode/5wXKv9DiQjfsZNf6heXg67 Stitcher: https://www… Continue reading Podcast Episode 9 – Cloud Misconfigurations: Simple Mistakes, Big Consequences
I want to run an automatic scan on a web application made with Angular and JSNode. On this one I have access to different types of accounts. On ZAP OWASP I can select the POST request, it detects the parameters in the request, I show it wh… Continue reading Auto-login to refresh token in Burp Suite 2
My router can be configured by going to 192.168.1.1:80 when connected either by WiFi or by Ethernet cable.
Can the same configuration web interface be accessed from the external interface (the public IP of the router)?
Some background:
I h… Continue reading Can a router be configured from outside the local network?
For security and privacy purposes, it’s best to keep WebRTC disabled if you aren’t using it. Firefox makes this easy by simply setting media.peerconnection.enabled to false.
Due to COVID-19, the use of teleconferencing has increased drama… Continue reading What, if anything, are the consequences of temporarily enabling and then disabling WebRTC in Firefox?
We have the following configuration of the /etc/network/interfaces file which was setup by somebody else on this system. It has worked well by allowing other systems on LAN (and the internet) to connect to an nginx/apache run server on tha… Continue reading Assigning static IP address other than 127.0.0.0/8 to loopback interface
Using a web server with Nginx + ModSecurity + OWASP ModSecurity Core Rules…
On the OWASP config file crs-setup.conf is the order of the config section SecAction important or can i order them differently from the example config file?
… Continue reading Is `SecAction` order important for an OWASP ModSecurity config file?
Recently I started creating a CTF challenge based on Drupal 8. I want to create a REST API parameter that will be vulnerable to SQLi. Even if this isn’t something I should ask for here, I decided to do it in case anyone who knows Drupal is… Continue reading Drupal 8 – Create REST API vulnerable to SQL Injection for CTF purposes
With millions working, learning and collaborating remotely due to COVID-19 challenges, there’s an explosion of remote endpoints running Zoom and other collaboration and productivity applications such as Outlook, Teams, Webex, Slack, Office 365 an… Continue reading Secure Remote Endpoints from Vulnerabilities in Video Conferencing & Productivity Applications like Zoom
We’re using argon2-jvm to use Argon2id on our Java TCP Server.
Because its argon2id instance is thread-safe, we plan to only create a single instance for the lifetime of our app and have each request handler call it whenever necessary (e…. Continue reading Configuring Argon2id for Multiple Threads
I read an article about how to use Argon2id in C# here.
Below is the code they wrote (slightly edited):
using System;
using System.Diagnostics;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Konscious.Sec… Continue reading Argon2id Configuration