encoding – Page 5 – WindowsTechs.com

Is there a consensus on whether HTML encoding should happen upon upload or retrieval/display for defense against stored XSS?

Posted on April 10, 2022 by ChocolateOverflow

The common thing to do in defense against XSS, stored or not, is to HTML-encode the payload. Encoding upon the upload/POST of the data is efficient for processing power and neutralizes it early to be stored in the database but the payload … Continue reading Is there a consensus on whether HTML encoding should happen upon upload or retrieval/display for defense against stored XSS?→

How to Find Encryption when knowing Input Plain Text and Output Encrypted Text? [duplicate]

Posted on April 4, 2022 by Rohith M

When I submit an Customer Reference ID in an Android Application it POSTs an Encrypted String to an API Endpoint.
For example, if I enter the following CR ID :
"CR-13261150"
it POSTs the following Encrypted Data:
splainText : &q… Continue reading How to Find Encryption when knowing Input Plain Text and Output Encrypted Text? [duplicate]→

How to solve this CTF challenge (encoding)? [closed]

Posted on April 3, 2022 by Daniel

useless question, sorry, kindly delete

Continue reading How to solve this CTF challenge (encoding)? [closed]→

How to decode/decrypt/decipher an unknown 83 bytes long UDP payload?

Posted on March 31, 2022 by A R

This is my first post here.
Following problem, maybe someone has time and knowledge to help a little bit with a hint.
Problem statement: I have an unknown 83 bytes long payload which I would like to decode/decrypt/decipher…
I got an alarm … Continue reading How to decode/decrypt/decipher an unknown 83 bytes long UDP payload?→

How to Find Encryption Type by Seeing Encrypted Text? [closed]

Posted on March 22, 2022 by Rohith

When I submit an Customer Reference ID in an Android Application it POSTs an Encrypted String to an API Endpoint.
For example, if I enter the following CR ID :
"CR-13261150"
it POSTs the following Encrypted Data:
splainText : &qu… Continue reading How to Find Encryption Type by Seeing Encrypted Text? [closed]→

Good practice for generating opaque access-token

Posted on February 9, 2022 by MatthewAws

Restrictions:

Access token will be short lived (2 minutes)
Access token will be one-time use only.

Given a strong random algorithm, would it be considered good practice to generate an opaque access-token by generating 256/512 random bits… Continue reading Good practice for generating opaque access-token→

Name of hexadecimal encoding with colon separators?

Posted on February 8, 2022 by maerics

Occasionally I see hexadecimal encoded data presented with colon characters (:) separating each octet.
For example CA:FE:BA:BE… or de:ad:be:ef…
Is there a formal (or common) name for this style of formatting?
Obviously, without the col… Continue reading Name of hexadecimal encoding with colon separators?→

How to send a password securely as part of a GET request in rails?

Posted on January 19, 2022 by boddhisattva

I’m curious to check what could be some possibly secure and recommended ways through which I could send a password as part of a GET request in rails? Just to be explicit, we’re using HTTPS in general.
High level overview of the use case: O… Continue reading How to send a password securely as part of a GET request in rails?→

Floss and many tools not detecting cyrillic strings in binary

Posted on January 17, 2022 by Underd0g

I am practicing some malware detection basics and it has caught my attention that the Cyrillic alphabet is not detected by practically any traditional string detection tool.
Source Code
while (strcmp(password, user_input) != 0)
{
p… Continue reading Floss and many tools not detecting cyrillic strings in binary→

How do I test for Reflected XSS in webpage titles, url parameters and javascript variables?

Posted on December 22, 2021 by HunterTheox24

I have a java web app. I’m using OWASP Java Encoder to encode for html, javascript and url components to mitigate reflected XSS. I’m new to this so I’m not sure on how to test on my web app for the following scenarios where there’s no dire… Continue reading How do I test for Reflected XSS in webpage titles, url parameters and javascript variables?→