Collaborate Disseminate
During my penetration testing on the target, I noticed that passwords were being saved in the IndexedDB file even when i did not saved in the browser.
To verify this, I logged out, closed the browser, and upon reopening the IndexedDB file,… Continue reading Insecure Local Storage [closed]
Currently I am working on an application that requires secret keys to encrypt and sign information generated by the client and transmited over the wire, these keys are granted per user.
Currently when the user logs in, the keys are downloa… Continue reading In a web application, what would you consider the best way to store secret keys obtained via an SDK?
Question is pretty much in the title. We have a customer that is very concerned with privacy, and we’re making a solution that will rely on data being stored in LocalStorage, so we just need to verify wether browser vendors (they are speci… Continue reading Do browser vendors have access to LocalStorage/cookies?
I have a notes app that’s offline-first and syncs with remote database when online.
Currently, when a user creates a note, I’m encrypting it with AES. I ask the user to enter their decryption password on every page refresh and when they e… Continue reading Storing sensitive data in Local Storage with encryption?
I am trying to test a potential file upload vulnerability of a website. The website is based on a javascript framework. The website allows uploading images. Once the file is uploaded, the URL of the image is displayed as data:image/png;bas… Continue reading File Upload Vulnerability: Exploit local storage [closed]
I am currently working on a medium scale app and am a month into learning React. I got to the part where I need to authenticate users. I have written some code and It is working, but I don’t know is it secure enough. When my users login, … Continue reading Where to store token from auth header in React
I logged in to WhatsApp desktop (Windows) app while the "Linked Devices" feature was enabled in my phone (by scanning a QR Code). This creates "/Appdata/Roaming/Whatsapp" folder which contains some files and subfolders,… Continue reading Restore WhatsApp Session (Desktop app) in Another Windows installation
Today I have a web application that needs to store the user’s email and password, so that when he opens the login screen, the authentication is done automatically.
For this, our application saves the email and password in localStorage, unf… Continue reading Store login credentials securely with JavaScript [duplicate]
I am trying to figure out if the solution I am suggesting is valid for both XSS & CSRF protection,
I would like to store the JWT in an httpOnly & secure cookie and not in local storage,
when the user successfully logs in, he will g… Continue reading JWT cookie with CSRF token as a claim inside the JWT
My web app stores personal data about the user, but on the user’s phone only (HTML5 Local Storage). The data is never touched by any server or database. I can’t see the data. My server can’t see the data. I do not store it anywhere outside… Continue reading Does GDPR apply if my web app stores personal data on the user’s phone only? [migrated]