How to Capture Mobile API Requests in burp when Server side pinning is implemented

I recently encountered a scenario where the mobile application generates a CSR, calls a POST API request and, in response, asks the server for a certificate. The server will respond with a temporary certificate and the mobile application will use t…

What are possible security considerations of using ULID for unique identifiers?

ULID is a specification for unique identifiers which is intended as an alternative to traditional UUID. Some of the major differences are:

The creation date of the identifier is encoded into part of the identifier.
Because of the above, t…

Any "smart" way to disable telemetry of a web application on OS/hardware level? Any specific guide/tool recommend if we use linux and lnmp env

Let’s say we know as a fact that a PHP web application has baked in telemetry to collect data. Without scanning through the codebase, is there any quick hack or tool with which we can force the telemetry to become useless, given that we have full access to the har…

How can session-persistence of a web application account lead to re-infection of the browser and OS [closed]

I recently read a blog post that mentioned there is a way to hijack a user’s account by stealing their session cookies, and then persisting the logged-in state by extending the expiration of the cookie indefinitely. This would also mean …

Securely storing derived key in web app and handling user identity

I am currently working on an open source project to securely store notes, payment card numbers, etc. I would like to implement a zero knowledge encryption method so that no one but the user can decrypt this data.
Unfortunately, I am stuck …

Is encrypting a query parameter within a URI a security best practice?

Assumption: a customer is sitting in a public area connected to public Wi-Fi.
Step 1. The example.com server sends the following information to trustworthy.external.domain over HTTPS:

redirectPath="https://www.example.com/public/endpoint…