Collaborate Disseminate
Previously some good fellow explained the importance of verifying the public key created and offered by authenticators.
As before, given the complexity of a FULL implementation of RP operation, I believe it’s possible that some aspect may … Continue reading Suggestions for implementing a simplified subset of WebAuthn Relaying Party Operation
I’m curious to know how secure coding trainings for DevOps are done in your company/school. What works and what doesn’t, how would you improve them and what do you think is the best way to learn
Continue reading What do you think about existing secure coding trainings?
Introduction:
We heavily use external libraries, such as DataTables, in combination with interpolation. In Angular, we’ve identified two primary XSS prevention strategies:
Interpolation ({{ }})
Direct Sanitization with DomSanitizer.saniti… Continue reading Security in Angular: Addressing XSS Concerns with External Libraries and Interpolation
As an application developer, which of these two principles is considered more secure?
I’m familiar with these concepts at a foundational level. Secure by default means it’s secure out the box. Secure by design means the software has been… Continue reading Secure by Design vs Secure by Default
From using Node.js for running an entire business, or just a personal home project, how secure really is it?
Having open ports, exposing the main file with personal info (nodemailer info, etc.) or anything else just seems like a bad idea.
… Continue reading How actually secure is Node.js? [closed]
I am searching for the best way to merge two parts of software together, so it would be as hard as possible to separate them again through reverse engineering.
At the moment are both parts python, but open minded for anything else.
Continue reading Recommended way to merge a security feature with the rest of the software? [closed]
Good day, we deployed our app that has payment on it with a wallet system. We tried as much as possible to follow every security rule from server to code design. But yesterday we experienced a bridge with javascript logic that made us temp… Continue reading Busines logic bypass issue
Ofrece servicios de emisión de certificados para firma electrónica, es una obligación para pago de impuestos.
El usuario común no conoce la tecnología detrás, pero percibe la velocidad de respuesta.
Entonces, cómo elegir el tamaño adecuado… Continue reading Qué longitud de certificado es más seguro y fácil de manejar, 2048, 3072 ó 4096 para usuarios no expertos?
What is the official definition of code review or source code review?
Does it only mean that another developer reads the code after changes done by another developer?
or it can be done by an automated tool? like lgtm for example which is a… Continue reading What is code review? [closed]
As far as I know, JWT tokens are used for implementing ‘stateless server’. But as I try to apply Jwt to my website that uses sessions and cookies for authentication, I found that most people store refresh tokens in their db and compare the… Continue reading Why do I have to store a refresh token in db