Collaborate Disseminate
By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how i… Continue reading Who’s your fridge talking to at night?
By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise orga… Continue reading Small, fast and easy. Pick any three.
So I’m currently testing an endpoint that takes graphql using the apollo framework as an argument for certain queries. Introspection is disabled so I have been bruteforcing field and variable names to some success. However, with the follow… Continue reading How to define an object field type in graphql query?
If we look at encryption format and standards of JWE following RFC-7516, we can see that it uses a 2 way encryption method.
So what are the benefits of this compared to just using RSA? Are computation (decryption) time not significantly af… Continue reading Purpose of two-way encryption of JWE
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in… Continue reading Community ID support for Wireshark
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in… Continue reading Community ID support for Wireshark
i’m creating an android app for envato. before submitting my application to envato market, i want to be sure about my security. i’m collecting json data from mysql server and there in no data for username or password. i just parsing some l… Continue reading is this php code protect json hacking and hijacking? [closed]
A JSON response in the API of a webapp is returning the base64 of a user-uploaded image, and there’s no X-Content-Type-Options Header to prevent MIME sniffing.
Could this be a potential vulnerability such as an XSS for the webapp by using … Continue reading Potential vulnerability in JSON response returning base 64 encoded image data, with the response being vulnerable to MIME sniffing
I would like to know if there is any possibility or situation in which a web app endpoint that uses ONLY your ip address to return json with information regarding your location can be exploited.
This is quite an open ended question, so I w… Continue reading Potential vulnerability in web app that reads your ip address and returns a json response with country / region
This is a very strange occurrence and could be a false alarm.
I am testing an API from an advertisement network for my WPF desktop app.
I made a GET request to this exact test link (generic sample provided by the ad network):
https://adapi… Continue reading API GET Request resulted in a Bitdefender thread alert