Collaborate Disseminate
We have a requirement for Data loading function to Aircraft. There is Avionics standard termed as ARINC 615A and ARINC 665. 615A specifies high speed Ethernet based data load operation; where POINT-TO-POINT Ethernet connection between Data… Continue reading Secured data upload to Aircraft over ARINC 615A
Many companies have some BINs where you can enter a fake credit card and you get a premium account (the Credit card is based on a BIN that just trick or bypass the plateform),
I want to know how this works ?
For example : bin spotify/ne… Continue reading How does BINs vulnerabilities work?
For input validation on a website, are there any security concerns with disclosing to the user exactly what characters are valid or invalid for a given field?
CWE-200: Information Exposure says one should try not to disclose information &q… Continue reading Is it a security vulnerability to tell a user what input characters are valid/invalid?
I have an input field in a web that is being saved. This field can be shown in other systems that I do not have control over and that’s why I would like to limit what is allowed in this field, although I would like to allow s… Continue reading Which symbols can I whitelist to remain safe against SQL injection, XSS, and all other injections attacks?
I’d like to validate message texts with CRC-8/16/32 but I’m afraid that they could be changed to another one (for example, adding a “No” at the beginning). There will be no special characters besides the usual ones (? , . ; ª… Continue reading Is it possible to crack a CRC value for short text validation when someone tries to change a readable text?
As a programmer, I have typically worked on projects where a lot of the security was baked in or it was not as crucial as the software was for private use. However, I am working on a project that takes users’ answers and calc… Continue reading What are some things to consider when making a secure assessment system?
I am using a webpage that doesn’t have validation for name field. If I give any special characters, the page just becomes unresponsive. Though the captcha times out after some time, the request still runs in the server.
Can w… Continue reading Validation issue in name field causes the page to hang
I was wondering if there would be any security vulnerabilities with having insufficient data for different employees in a cluster of systems. If an economic system would have incomplete or null fields, for employees in one sy… Continue reading Is there any security risk with having incomplete data between information systems
One of the key security mechanisms for application software is input validation, which can protect the integrity of the system and thwart common injection and denial of service attacks.
Most of the internet can agree that pr… Continue reading What to take into account when validating file upload
During an assessment of an android application I discovered a file which contained serialized data from a standard call to ObjectOutputStream.writeObject(). A string serialized in the data is potentially under attacker contro… Continue reading Is breaking out of a Java binary serialized string possible?