Collaborate Disseminate
I have generated a public and private key pair with ECDH from NodeJS
function _genPrivateKey(curveName = "secp384r1", encoding = "hex") {
const private_0 = crypto.createECDH(curveName);
private_0.generateKeys();… Continue reading ECDH for P-521 (Web Crypto Api) / secp521r1 (NodeJS Crypto) generate a slightly different shared secret
I am working as an intern for an online coding platform startup (similar to LeetCode or HackerRank).
The backend is written in Nodejs. Instead of running the code in a sandbox of some sort, the lead dev decided to execute the submitted cod… Continue reading Spawning child processes from root using runuser command
Hamsters are great pets, especially for those with limited space or other resources. They are fun playful animals that are fairly easy to keep, and are entertaining to boot. [Kim]’s …read more Continue reading Hamster Goes on Virtual Journey
I’m bit confused about this security flaw. I’m in real need of help in this 🙂
My express code (not using any sessions, just cookie-parser)
app.get("/signin", (req, res) => {
if(!req.query.token) return res.status(403… Continue reading httpOnly Cookie Security Flaw
package.json file
{
"dependencies": {
"express": "^4.17.1",
"express-graphql": "^0.12.0",
"graphql": "^15.5.0",
"pg": "^8.5.1"
}
… Continue reading is it possible to do sql injection in nodejs with postgres databse when I use "text" and "values"?
Dynatrace announced enhancements to its Application Security Module, which the company released in December 2020. These include extending Dynatrace’s AI-powered risk assessment for applications running on Node.js, the runtime environment underpinning t… Continue reading Dynatrace extends its AI-powered risk assessment for applications running on Node.js
I’ve analyzed an app where I’ve found different vulnerabilities.
I could upload/overwrite, delete and download anything. All critical vulns, but I didn’t know how I could get rce without making damages. I thought that I could replace the e… Continue reading RCE on a server running nodejs
Does the npm package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with steps ask… Continue reading Does npm (Node.js package manager) provide cryptographic authentication and integrity validation?
Does the yarn package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with steps as… Continue reading Does yarn (Node.js package manager) provide cryptographic authentication and integrity validation?
I am currently working on an instant React Native messaging app and I want to implement E2EE (End to End Encryption between the sender and the receiver) for better security. The libraries/frameworks I use are NodeJS for the backend, Socket… Continue reading How to build a highly secure End to End Encryption React Native messaging app