Collaborate Disseminate
I’m trying to apply the principle that data is toxic asset in a system with many services through which this toxic asset must flow.
The system can be abstracted to 3 actors: clients, intermediaries, and (data) sources. Clien… Continue reading Handling toxic data in a microservice architecture
I’m facing an issue which i need to upload files to a centralized server, then relay it to other malware analysis providers (Palo Alto / etc…)
As from security perspective – it’s forbidden for the file to reside in the ser… Continue reading Is there a safe way to upload a malware into a centralized server?
If a browser is not authorized on a network, can browser emulation within an authorized browser create vulnerabilities?
For instance, Chrome is unauthorized but if I run IE, press F12 to get into Developer mode, and then hav… Continue reading Can browser emulation create vulnerabilities?
If a browser is not authorized on a network, can browser emulation within an authorized browser create vulnerabilities?
For instance, Chrome is unauthorized but if I run IE, press F12 to get into Developer mode, and then hav… Continue reading Can browser emulation create vulnerabilities?
Scenario:
On a (mostly) Windows client network (active directory),
Machines are physically connected to the walls and port based
authorization is being used.
What security benefits do I gain (i.e. attack vector mitigatio… Continue reading Merits of outbound HTTP(S) traffic (re)authentication
A good number of websites these days are not served directly over the internet, but through an intermediate providers, such as Cloudflare and Incapsula.
A basic premise of the security provided by these services involves not… Continue reading How can websites with URL traversal functionality protect itself from revealing its IP?
I have an API that users can log into. I don’t want it to be hacked. What if I limit each user to 60 requests a minute? Won’t this significantly slow hackers down in a brute force situation?
Continue reading Preventing a Brute Force Attack on API via limiter
I have an API that users can log into. I don’t want it to be hacked. What if I limit each user to 60 requests a minute? Won’t this significantly slow hackers down in a brute force situation?
Continue reading Preventing a Brute Force Attack on API via limiter
Many security measures are intended to protect against hostile users who want to abuse the software or get access to content they don’t have permission to access. Things like CSRF protection, SQLi protection, TLS and many oth… Continue reading Should web applications that are only accessible from a LAN be held to the same security standards as publicly accessible websites?
In Project Zero #1139, it was disclosed that CloudFlare had a bug which disclosed uninitialized memory, leaking private data sent through them via SSL. What’s the real impact?
Continue reading What’s the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")