Collaborate Disseminate
Web pages are often displayed in the browser before they have finished fully loading (i.e. the loading indicator is still spinning, etc).
Usually this is caused by a slow advert or a video, etc. But often there can be critic… Continue reading Is it secure to interact with a web page before it has fully loaded?
I have a web application (Spring MVC) and have input data validation for every parameter in the controller. What is NOT present is checking for accepted Parameter Map Size. i.e When the controller expected 10 parameters and the request has… Continue reading Benefit of Parameter Map size validation in web application controller
Chat webapp. Clients (that is, web browsers) send messages to the server, which the server broadcasts to all connected clients. Client-side code looks like this:
let p = document.createElement(‘p’)
p.appendChild(document.cre… Continue reading Should untrusted strings be sanitized server-side if they’re inserted into the document body through document.createTextNode?
Can Perfect Forward Secrecy (PFS) be used to prove that a particular file was transmitted or received at a particular time? If so, how? By keeping records of the entire TLS stream?
tl;dr:
Before concentrating on the walls of my walled-garden security model how can I be sure that I don’t already have infected plants.
Put another way:
How can I be sure that I’m not compromising every subsequent system … Continue reading How to check for malware in existing personal data
I’m working on a website that will rebuild data as an RSS feed based on a custom path.
For example: You have a video on youtube that you want an rss feed of comments, you can add -rss to the url (making it youtube-rss.com/as… Continue reading How to secure a web service that allows custom user defined paths?
Suppose I have a web application that is a social network. In order for two people to have access to eachother’s content they must become friends.
There is logic in the application to ensure both have improved eachother an… Continue reading Should I be thinking about security at the database row/document level?
I am currently building an multiplayer application game on Android, and the server-side logic is deployed using Cloud Functions, which is a server-less environment. The application logic is as follows: two users are given a q… Continue reading The proper way to validate user inputs
If the blockchain is going to be an immutable record, you need to start with clean data. The question is, how do you get clean data into a blockchain database to begin with. It’s kind of a quandary for use cases not starting with a green field, but Venzee, a startup that has been helping customers clean up their retail supply chain data to share with large vendors, thinks it has an… Read More Continue reading New Venzee tool brings data transformation and validation to your blockchain project
If an application has an RMI API that’s used internally (servers communicating with one another), is the information coming from those calls considered trusted or validation is still required?
I can’t find a lot of details … Continue reading Is RMI considered untrusted input even with TLS?