Collaborate Disseminate
Are there any applications/tools for exploiting desktop applications? (with pre-built exploits)
I’d like to test my Java desktop app for security.
I’ve looked at tools like Metasploit, but they seem to be geared towards entire networks. … Continue reading Can demo exploits/attacks be run on desktop applications?
So far, I knew that traditional HSMs (Hardware Security Module) can be used to store key of a single user. But, recently, I came to know that newer HSMs have the capability to store keys of multiple users and let users use those keys to s… Continue reading HSM: How multiple users are supported (using SAM)?
These has been fixed in later versions of Netty … but what is the risk of using an older (can’t upgrade now) version that is vulnerable to to CVE-2019-20444 and CVE-2019-20445 … is there really a risk here?
Note that the application u… Continue reading Would my Java web application be vulnerable if I use a netty version that is vulnerable to CVE-2019-20444 and CVE-2019-20445?
These has been fixed in later versions of Netty … but what is the risk of using an older (can’t upgrade now) version that is vulnerable to to CVE-2019-20444 and CVE-2019-20445 … is there really a risk here?
Note that the application u… Continue reading Would my Java web application be vulnerable if I use a netty version that is vulnerable to CVE-2019-20444 and CVE-2019-20445?
For training purpose I’m looking for insecure code examples especially in Python (but every other language is fine as well). I don’t really care if the examples are made up ones or from actual production code.
I already went through seve… Continue reading Where can I get insecure code examples?
I’m developing an application over an intranet and is used only by an internal employee. There wouldn’t be any external parties involved here and no external communication would be used by the application.
Does it need secure software de… Continue reading Does an application purely for intranet use by employees need secure software design or to follow OWASP guidelines?
I have a local application which will be accessible only after login. Its single URL application, URL of application won’t change, just it use ‘XMLHttpRequest’ to refresh the content of screen based on action and other parameters.
The SEI CERT Coding Guidelines assign a priority to each rule, formed from the product of three factors: severity, likelihood, and remediation cost. Each of these three factors is assigned a value from 1-3, and the highest priority formed … Continue reading Counterintuitive remediation cost scale within SEI CERT Coding Guidelines for priority
Is there any website or newsletter where I can track all the security issues related to C/C++?
Continue reading Tracking C/C++ Security issues on daily basis [closed]
At my company, we have a new development team that has been completely rewriting all of the code for different parts of the system.
I’ve noticed that with one of the recent changes, you can now see the JSON data for all of t… Continue reading Code Change That Resulted in Database Fields and Values Exposed