Collaborate Disseminate
Please forgive the vagueness of the question title.
I am currently working/designing an opaque storage of immutable files. The purpose of the service is simple: storing files and being able to retrieve them by their identifier.
As the serv… Continue reading Does a hash-based storage cache design require additional access-control?
I am very well aware of the reason that e-mail is such a nightmare/mess today, in so many ways. This is not what I’m asking about.
I’m wondering why it was originally decided to make e-mail so convoluted. Just to make one simple and obviou… Continue reading I find the e-mail (as method of message exchange) convoluted and easy to break [closed]
I am writing a ReST service which enables user to get a tar archive of a set of requested documents. When the request succeeds, the service should upload the file to a pre-signed URL that points to an s3 bucket or azure blob storage or a p… Continue reading Server Upload to presigned URL
what security/privacy features would you include in the design according to MoSCoW method?
Continue reading If you were to design a secure Consumer Device
It is technically allowed by many programming languages to supply parameters in POST requests as part of the URL, similar to a GET request. You can do this in addition to supplying parameters in the body of the POST request at the same tim… Continue reading Is using URL parameters together with body parameters in a POST request a defined security anti-pattern?
Are injection vulnerabilities mainly a design or an implementation problem? I’m using SQL injection as an example; I’m interested in other injection vulnerabilities as well.
I believe that it is the direct consequence of lazy programming,… Continue reading Are injection vulnerabilities a design or an implementation flaw?
The “Affinity” of Android tasks seems really complex to handle. The StrandHogg vulnerability uses tricks with “Affinity” to render itself inside an another app.
The information that I’ve found this far does not provide exact details of vu… Continue reading What was the original intent for the feature that StrandHogg uses?
I’m building a mobile application that transfers points between users via QRCode. I’m concerned about security and am looking for effective simple yes secure algorithm to use.
The scenario should be something similar to this…. Continue reading Secure algorithm for transferring data between users via QR Code
Here is my security protocol for the use of a service provided by server. It utilises a symmetric key:
Client requests to use a service
Server sends back nonce
Client sends back nonce encrypted with Alice’s key
Once server … Continue reading What are the flaws in this security protocol between client and server?
Error and exception handling in web applications can introduce security issues, often in the form of denial of service (i.e., when a service crashes because of poor error handling) and information disclosure (i.e., when an ex… Continue reading Exception handling in multi-tier applications