Collaborate Disseminate
I decided to code my own password manager. There are similar posts to this, but with less specific (or not fully covered) answers/requests.
Seeing how popular OSes are coded bloated with little security in mind I want to at least minimize … Continue reading Coding language + libs + gui suggested to ensure secure strings for password manager [migrated]
We wrote a e-commerce system where we were asked to generate orders based on a format provided to us
The format was extremely simple which was today’s date with total number of orders in the database + 1.
The e-commerce was sent into testi… Continue reading Should order numbers be guessable?
There exists several sudo alternatives (systemd’s run0, OpenBSD and doas, etc.), all created after sudo has been an established tool, allegedly for security reasons.
What are the technical obstacles in implementing good old sudo?
Continue reading What are the security related challenges in implementing unix sudo?
There exist several sudo alternatives (systemd’s run0, OpenBSD and doas, etc.), all created after sudo has been an established tool, allegedly for security reasons.
If someone were to implement Unix sudo from scratch today, what would be t… Continue reading What are the security related challenges in implementing something like Unix sudo?
Sudo has been with us for over 40 years, and it has several CVEs reported and fixed every year. The tool must have been in the spotlight for its inherent involvement in computer security and widespread use, so one might be tempted to belie… Continue reading What makes sudo so hard to secure? [closed]
Previously some good fellow explained the importance of verifying the public key created and offered by authenticators.
As before, given the complexity of a FULL implementation of RP operation, I believe it’s possible that some aspect may … Continue reading Suggestions for implementing a simplified subset of WebAuthn Relaying Party Operation
I’m curious to know how secure coding trainings for DevOps are done in your company/school. What works and what doesn’t, how would you improve them and what do you think is the best way to learn
Continue reading What do you think about existing secure coding trainings?
Introduction:
We heavily use external libraries, such as DataTables, in combination with interpolation. In Angular, we’ve identified two primary XSS prevention strategies:
Interpolation ({{ }})
Direct Sanitization with DomSanitizer.saniti… Continue reading Security in Angular: Addressing XSS Concerns with External Libraries and Interpolation
As an application developer, which of these two principles is considered more secure?
I’m familiar with these concepts at a foundational level. Secure by default means it’s secure out the box. Secure by design means the software has been… Continue reading Secure by Design vs Secure by Default
From using Node.js for running an entire business, or just a personal home project, how secure really is it?
Having open ports, exposing the main file with personal info (nodemailer info, etc.) or anything else just seems like a bad idea.
… Continue reading How actually secure is Node.js? [closed]