Collaborate Disseminate
I’m starting out as a bug bounty hunter and found a website that might have a problem yet I’m unsure if its exploitable or not.
When sending any payload that contains % I get an error:
Invalid query parameters: invalid %-encoding (21%)
It seems technically plausible to me that one could implement some form of data store where the individual data points are protected by the encryption provided by the Trusted Platform Module available in many computers, perhaps via late bi… Continue reading Is a TPM protected datastore available/possible/desirable?
Learn what Google Cloud Platform (GCP) is, explore its core services, features, and benefits, and discover how it powers businesses with cloud computing solutions. Continue reading What is Google Cloud Platform (GCP): All You Need To Know
Learn what Google Cloud Platform (GCP) is, explore its core services, features, and benefits, and discover how it powers businesses with cloud computing solutions. Continue reading What is Google Cloud Platform (GCP): All You Need to Know
Would there be any security concerns saving mongod.conf to $HOME/web-server/mongod.conf instead of /etc/mongod.conf ?
If the config was under $HOME/web-server/mongod.conf would that mean someone (or a buffer-overrun executable) could chang… Continue reading putting database mongod.conf under $HOME/web-server/. instead of /etc/
At $work we need to store a sensitive attribute of a user (say SSN – so, short and with a small keyspace) and look up the user based on this attribute when data is submitted into our system. We cannot use off-the-shelf bcrypt/scrypt/etc. b… Continue reading How can I securely store a sensitive user attribute used for account lookup?
I’m doing a website PT lab and I’m trying to figure out SQL vulnerability in MariaDB.
After some scanning I found the /api/ path, and one of them gives the desired SQL
I found out that ‘ gives me the desired SQL error:
My request:
GET /api… Continue reading MariaDB SQL Injection
I think this should be the right SE, apologies otherwise
I have been researching ways to be more careful with how I handle important documents and credentials, but everything I found sounded incredibly inconvenient to use so I would like t… Continue reading Offline, multi-machine, 2-factor authentication information vault?
I am working on a application which requires session token to commence trading activities. This will be hosted on a cloud based Linux VM (Ubuntu) and a managed MySQL database.
Session token are generated using a TOTP. I have build this app… Continue reading Storing TOTP keys
So a while ago I was talking to a guy who was a high-up security officer for a big bank, and he told me something interesting. He told me (and this isn’t private information or anything,) that after about five incorrect guesses of the pas… Continue reading At what point does data wipe after incorrect password attempts become reasonable? [closed]