Is it secure to develop sensitive apps on WSL? [closed]
I was wondering if developing on WSL is secure against data leakage for commercial and sensitive apps?
Continue reading Is it secure to develop sensitive apps on WSL? [closed]
Imagine an API where all CRUD operations are done through the same POST HTTP Request but with different "action" values from request body.
{
"action":"[create|read|update|delete]",
"user":"4&quo… Continue reading Security issues of exposing CRUD operations through a single API endpoint?
We are currently looking for a suitable training format to train our web developers in security related topics and secure coding. There are quite a few different providers and courses online. It is difficult to find out which one is the ri… Continue reading Recommended security training for Web Developers [closed]
Speed to market is the mantra of software development today. This does not mean that a process is not followed, it means that an iterative approach to software development produces code changes and usable code much faster.
The post CISO Stories P… Continue reading CISO Stories Podcast: Developing Secure Agile Code Quickly is Very Achievable
I am developing a simple grammar study website with Bootstrap 5, jQuery and JavaScript. It will have interactive grammar quizzes and flashcards. I would like users to be able to type in answers to grammar questions and upload their own voc… Continue reading What are the security considerations for coding a website with interactive scripts but no backend?
What are the security methods used to protect the mobile banking application?
Continue reading what is the security techniques used to protect mobile banking app? [closed]
This is a brief sanity check for myself to confirm whether or not the premise of the title is a good idea or not.
Suppose we have an internal system for password reset or account verification. When a user performs an action, they are prov… Continue reading Sharing account verification tokens to third parties
I want to implement a bot that connects daily to a remote site using the site’s published API, and I want this implementation to be as secure as possible.
I have found much advice on what one should not do when implementing such a bot (e.g… Continue reading How to securely implement a bot that uses an API token to connect to a remote site?
We have an open source software that allows users to be created. The users are saved in an LDAP directory. The software connects to the LDAP as an administrator to write a new entry for a new user, or to edit the password if the user wants… Continue reading The difficulty of securely storing a password
It would be nice if sites like Medium or Substack allowed users to not only add text, images, code snippets, etc., but also custom scripts that allowed readers to run a little piece of code. For example, if someone was writing an article o… Continue reading Allowing users to add arbitrary JavaScript in published articles