Collaborate Disseminate
I am developing a solution that is mostly dependent on plug and play architecture. Currently, I am doing a risk analysis of this design.
What are the security issues in Plug and Play architecture? And how we can mitigate them?
This is a C#… Continue reading What are the security issues in Plug and Play architecture? And how we can mitigate them?
I have a .NET 5 application running on AWS which has these requests constantly attempting to run:
GET http://app-10-irules.com/
GET http://www.simpleexample.com/
GET http://ssl-app-default-backend.com/
Currently they all 404, but nothing i… Continue reading What are these requests that appear to be phoning home?
I’m implementing a model which I’ll have to reupdate the users, so I want to deliver a unique link to the users and after confirmed the update, I expire that link, so I prevent reusing that link.
How do I generate a random secure token for… Continue reading Check Expired Token (after a visit)
A web vulnerability assessment was done on our web app by a third company that specializes in security,
and we added common headers that we missing, and to check my headers internally before the third org could scan l used an online tool f… Continue reading HTTP: Headers vulnerability still showing after being added
I have attempted to decrypt traffic between two .NET applications (both on Windows platforms) using Wireshark but due to the Diffie Hellman with perfect forward secrecy, I cannot use my private key from the server to decrypt the session ke… Continue reading Decrypt TLS 1.2 traffic between .NET Windows applications
How to exploit a program that has this line:
Process.Start(user_input + "calc.exe")
It’s a .NET function and nothing has worked so far ("mal.exe &&", "mal.exe;", …)
Any ideas?
We have a web application on https port with server certificate valid from 01/01/2021 and valid to 31/12/2021. Due to some constraints the clients which are going to use web application are behind current date, while the server is on curre… Continue reading Skip date check in Server certificate in Chrome
I was browsing through the Cure53 audits and found a mention of ‘Secure key deletion ineffective (Medium)’ on pg. 3 here. The Cure53 team was saying that there’s no real way to erase sensitive data in memory using Go.
Is there a way of doi… Continue reading How to erase encryption keys from memory in C#? [migrated]
Is it worth calling Array.Clear() to clear sensitive byte arrays such as those containing encryption keys? It’s not clear whether this is worth doing since the language has a garbage collector.
Continue reading Is Array.Clear() in C# suitable for zeroing sensitive byte arrays?
Looking for some guidance on an internal discussion we’re having.
We have a .Net developer that is requesting all development systems with Visual Studio installed don’t have .Net updates installed. The reasoning is that it breaks Visual St… Continue reading Developer requests dev systems don’t have .Net patches applied