json – Page 11 – WindowsTechs.com

Fighting Fire with Fire: API Automation Risks

Posted on January 24, 2019 by Tony Lauro

A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions. Continue reading Fighting Fire with Fire: API Automation Risks→

Returning POST JSON data securely?

Posted on January 17, 2019 by R. StackUser

I have a webpage (HTTPS encrypted and authorized only via domain credentials) that displays grid information. This grid information is received via a POST request to my server which will send back all of the pertinent inform… Continue reading Returning POST JSON data securely?→

Is it safe to eval JSON?

Posted on January 5, 2019 by Evan Carroll

I know JSON is supposed to be a notation that can otherwise function as direct-code to evaluate Javascript? But is that so?

There is a function I know about and use when I must, JSON.parse. It’s the inverse of JSON.stringify… Continue reading Is it safe to eval JSON?→

Is it safe to eval JSON?

Posted on January 5, 2019 by Evan Carroll

I know JSON is supposed to be a notation that can otherwise function as direct-code to evaluate Javascript? But is that so?

There is a function I know about and use when I must, JSON.parse. It’s the inverse of JSON.stringify… Continue reading Is it safe to eval JSON?→

What are a JSON rest api’s responsibilities to prevent XSS? [duplicate]

Posted on December 12, 2018 by user1710019

This question already has an answer here:

Preventing XSS for REST API

1 answer

I’m building a rest API that serves exclus… Continue reading What are a JSON rest api’s responsibilities to prevent XSS? [duplicate]→

Sanitizing JSON deserialization

Posted on October 25, 2018 by Frostbyte

I’m currently investigating best practices for secure JSON deserialization of untrusted input for object mapping. After researching, it seems like…

the default jackson mapper:
https://stackoverflow.com/questions/45846083/using-jackson-… Continue reading Sanitizing JSON deserialization→

What are the security concerns for base64 encoded JSON files?

Posted on October 19, 2018 by Karlom

In a REST API, I’d like to receive images as base64 encoded strings in a JSON objects fron user’s post and save them to disk using node.js fs module.

The request body are objects like:

{ file: ‘data:image/png;base64,iVBO… Continue reading What are the security concerns for base64 encoded JSON files?→

Chrome extension: what permissions usually make privacy leakage happen?

Posted on October 19, 2018 by TJCLARK

I am studying how privacy leakage happens by Chrome extensions.

First, “privacy leakage” I mean, for example, the extension sends host users browsing history/behaviors to 3rd party.

Second, I found the permissions are defin… Continue reading Chrome extension: what permissions usually make privacy leakage happen?→

Is using JSON a secure way of handling sql queries in python?

Posted on October 6, 2018 by Ranch Mayonaise

The question

I will try to articulate this as clearly and best I can:

Suppose that I have a python program which connects to a database on a server. Next I ask you to consider that this python program grabs Mysql queries fr… Continue reading Is using JSON a secure way of handling sql queries in python?→

Why does "<!–<script>" in a JS string cause an XSS vulnerability?

Posted on September 3, 2018 by Adam A

I was under the impression that all I needed to do to make inline JSON safe was to break any closing tags in strings. E.g. escape the / like “<\/script>”.

However I found a weird combination that still breaks my page. Th… Continue reading Why does "<!–<script>" in a JS string cause an XSS vulnerability?→