Collaborate Disseminate
Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It’s Not an App! News Bugs, Breaches, and More! 1.) Alpine… Continue reading Bluebox-ng, Stock Data Breaches, and CommitStrip- Application Security Weekly #32
There was a time when the average person was worried about the government or big corporations listening in on their every word. It was a quaint era, full of whimsy and superstition. Today, a good deal of us are paying for the privilege to have constantly listening microphones in multiple rooms of our house, largely so we can avoid having to use our hands to turn the lights on and off. Amazing what a couple years and a strong advertising push can do.
So if we’re going to be funneling everything we say to one or more of our corporate …read more
Continue reading Don’t Look Now, But Your Necklace is Listening
How do I restrict access to a React Web app installed at www.example.com, in particular the (Node JS or PHP) backend server REST API endpoints? I want to only allow access to the pages and backend from a specific office IP address.
I tried… Continue reading How to deny access to my server end points?
What is regular expression (regex) and what makes it vulnerable to attack? Learn how to use regex safely and avoid ReDoS attacks in the process.
Categories:
Business
Technology
Tags: ddosJavaScriptnode.jsredosregexsearchservervulnerability
I am creating a website that is built on PHP. It has a small page where users can have a group chat and message each other. For that page I open a websocket with a help of socket.io and expressjs. I want to use usernames that… Continue reading Best strategy to share some sensitive user data between Node and PHP
I was wondering what will be the risks when I am only working with semantic templates like handlesbars, ejs or pug?
I have an nginx server running an instance of and express/nodejs server.
I was going through the logs to see what was being requested, and I noticed a few normal attempts for common flaws in things like word press, but what… Continue reading Suspiscious HTTP request to nginx server in server log, what is it?
Is it possible to screenshot the whole desktop of users visiting my website?
I am using the PHP function imagegrabscreen() but it’s only working on localhost. Is this done on the server or can I do this with WebRTC without a… Continue reading How can I screenshot the whole desktop?
I’ve been searching for a good answer to this problem for a while now, and have seen questions that could be duplicates, but none of them seem to have good/definitive answers that work for my case.
I am building an Electron … Continue reading How to safely store OAuth2 credentials in a Desktop application
Recently, eslint-scope and eslint-config-eslint packages were hacked in an interesting way – one of the maintainer’s account was compromised by an attacker and a new “patch” version with the malicious code was published to th… Continue reading Recent ESLint hack or how can we protect ourselves from installing malicious npm packages?