Collaborate Disseminate
At the end of Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet it says
Avoid encrypting identifiers as it can be challenging to do so securely.
On login I store a cryptographically generated secret on the backend with the session,… Continue reading Is encrypting REST exposed database identifiers a bad idea?
"Beyond the hardware, how do the integrated software ecosystems of Samsung’s One Ul and Apple’s iOS differ in terms of user experience, app compatibility, and cross device functionality ***
emphasized text
I’m starting out as a bug bounty hunter and found a website that might have a problem yet I’m unsure if its exploitable or not.
When sending any payload that contains % I get an error:
Invalid query parameters: invalid %-encoding (21%)
It seems technically plausible to me that one could implement some form of data store where the individual data points are protected by the encryption provided by the Trusted Platform Module available in many computers, perhaps via late bi… Continue reading Is a TPM protected datastore available/possible/desirable?
Learn what Google Cloud Platform (GCP) is, explore its core services, features, and benefits, and discover how it powers businesses with cloud computing solutions. Continue reading What is Google Cloud Platform (GCP): All You Need To Know
Learn what Google Cloud Platform (GCP) is, explore its core services, features, and benefits, and discover how it powers businesses with cloud computing solutions. Continue reading What is Google Cloud Platform (GCP): All You Need to Know
Would there be any security concerns saving mongod.conf to $HOME/web-server/mongod.conf instead of /etc/mongod.conf ?
If the config was under $HOME/web-server/mongod.conf would that mean someone (or a buffer-overrun executable) could chang… Continue reading putting database mongod.conf under $HOME/web-server/. instead of /etc/
At $work we need to store a sensitive attribute of a user (say SSN – so, short and with a small keyspace) and look up the user based on this attribute when data is submitted into our system. We cannot use off-the-shelf bcrypt/scrypt/etc. b… Continue reading How can I securely store a sensitive user attribute used for account lookup?
I’m doing a website PT lab and I’m trying to figure out SQL vulnerability in MariaDB.
After some scanning I found the /api/ path, and one of them gives the desired SQL
I found out that ‘ gives me the desired SQL error:
My request:
GET /api… Continue reading MariaDB SQL Injection
I think this should be the right SE, apologies otherwise
I have been researching ways to be more careful with how I handle important documents and credentials, but everything I found sounded incredibly inconvenient to use so I would like t… Continue reading Offline, multi-machine, 2-factor authentication information vault?