Textbook uses terminology like Double/Single Bastion Inline/T to describe firewall architectures. Are these terms used in professional environments?

I apologize for the weird wording of the question title; I was hitting the character count.
I am taking a network security course in college and the textbook we use, Network Security Essentials: Applications and Standards 6th Edition by Wi…

Is there a term for vulnerabilities that need ‘help’ from the target vs vulnerabilities that can be exploited with no actions from the target?

I’m making a guideline for a bug bounty program and want to distinguish between bugs that require some kind of action on the target’s behalf (eg clicking a suspicious link), vs vulnerabilities that can be exploited without any actions from…

Is using URL parameters together with body parameters in a POST request a defined security anti-pattern?

It is technically allowed by many programming languages to supply parameters in POST requests as part of the URL, similar to a GET request. You can do this in addition to supplying parameters in the body of the POST request at the same tim…
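As an added example (not part of the original question or of any particular framework), the following Python shows the concrete ambiguity the question is about: when the same key is supplied both in the query string and in a form-encoded POST body, something has to decide which value wins, and web frameworks differ silently on that. The handler below keeps the two sources apart, reports keys that appear in both (or more than once in one source), and only merges them under an explicit policy. The request URL, body and key names are constructed for the demonstration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample POST: the key "amount" is supplied in both the query
# string and the form body, with different values.
SAMPLE_URL = "https://api.example.com/transfer?amount=1&account=ops"
SAMPLE_BODY = "amount=100&memo=rent"


def parse_post_params(url, body):
    """Parse the query-string and form-body parameters of a POST separately.

    Returns a dict with both sources, the keys present in both ("conflicts"),
    and the keys repeated within a single source ("repeated"). Assumes an
    application/x-www-form-urlencoded body.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)
    conflicts = sorted(set(query) & set(form))
    repeated = sorted(
        k for src in (query, form) for k, values in src.items() if len(values) > 1
    )
    return {"query": query, "body": form, "conflicts": conflicts, "repeated": repeated}


def merge_post_params(url, body, policy="reject"):
    """Merge query and body parameters under an explicit precedence policy.

    policy="reject": refuse any request in which a key is supplied in both
                     places or more than once; the safest default for a
                     state-changing POST, because the client cannot make the
                     server pick a value the request log does not show.
    policy="body":   the body value wins (what some frameworks do silently).
    policy="query":  the query value wins (what others do).
    Every value is reduced to a single string so callers never see lists.
    """
    parts = parse_post_params(url, body)
    if policy == "reject":
        if parts["conflicts"] or parts["repeated"]:
            raise ValueError(
                "ambiguous parameters: conflicts=%r repeated=%r"
                % (parts["conflicts"], parts["repeated"])
            )
        merged = {**parts["query"], **parts["body"]}
    elif policy == "body":
        merged = {**parts["query"], **parts["body"]}   # later dict wins
    elif policy == "query":
        merged = {**parts["body"], **parts["query"]}
    else:
        raise ValueError("unknown policy %r" % (policy,))
    return {k: values[0] for k, values in merged.items()}


if __name__ == "__main__":
    print(parse_post_params(SAMPLE_URL, SAMPLE_BODY)["conflicts"])      # ['amount']
    print(merge_post_params(SAMPLE_URL, SAMPLE_BODY, "body")["amount"])  # 100
    print(merge_post_params(SAMPLE_URL, SAMPLE_BODY, "query")["amount"]) # 1
    try:
        merge_post_params(SAMPLE_URL, SAMPLE_BODY)
    except ValueError as exc:
        print("rejected:", exc)
```

The point of the "reject" policy is that the precedence rule is then never left to whatever the framework happens to do; a proxy, WAF or audit log that sees `amount=1` in the URL and the application that acts on `amount=100` from the body would otherwise disagree about what the request did.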

MSTG-ARCH-7: All security controls have a centralized implementation

In the OWASP Mobile Application Security Checklist there is a requirement MSTG-ARCH-7 which reads: "All security controls have a centralized implementation".
Now I’m struggling a bit with what is meant by "centralized implem…

Hackaday Links: July 19, 2020

Care to flex your ethical hacker muscles? The Defense Advanced Research Projects Agency, better known as DARPA, is running its first-ever bug-bounty program. The event is called “Finding Exploits to Thwart Tampering”, or FETT — get it? Bounty hunter? Fett? — and is designed to stress-test security hardware developed through …