Collaborate Disseminate
We wrote a e-commerce system where we were asked to generate orders based on a format provided to us
The format was extremely simple which was today’s date with total number of orders in the database + 1.
The e-commerce was sent into testi… Continue reading Should order numbers be guessable?
My question regards tabnabbing and how to block it. I will first describe my understanding of the subject, but I’m no expert, so this introduction is meant for you to correct me if applicable.
Here is my attempt at exhaustively listing the… Continue reading Tabnabbing, adblocking and web browser security
I’ve been trying all day to nest created iframes and access their contents, but security restrictions dont let me. Is there a way? I shared my code and everything i tried so far in a codepen. https://codepen.io/serapath/pen/qBGbpMG?editors… Continue reading How to access iframe.contentWindow.document of a nested iframe inside an iframe? [migrated]
Over the decades web browsers have changed from the fairly lightweight and nimble HTML document viewers of the 1990s to today’s top-heavy browsers that struggle to run on a system …read more Continue reading The Minimalistic Dillo Web Browser Is Back
I’m working on an application where encrypted data can be stored on the server. Users can do this by obtaining public keys from the server, and use them to encrypt data locally before sending it to the server. This encryption feature provi… Continue reading How to allow users to securely use their private key to decrypt data in the browser [duplicate]
Is there a way (maybe via browser extensions) to make sessions forcefully expire after a while, even if the server side is set for longer durations?
e.g. you authenticate to example.com and it starts a session that is valid for 5 hours. Yo… Continue reading (Advanced) client-side session handling in browser
From Cross-Origin Resource Sharing (CORS) – HTTP | MDN:
CORS failures result in errors but for security reasons, specifics about the error are not available to JavaScript. All the code knows is that an error occurred. The only way to dete… Continue reading What are the reasons for CORS failure errors to not be available to JS?
There are JavaScript libraries (such as dev-tools-monitor, devtools-detector, devtools-detect and others) that detect when the developer console is open. Are there also ways to better hide the dev-tools such that they are no longer detecta… Continue reading How to use the web developer console when sites detect its use? [migrated]
Today, my family brought me a quite old laptop (it had Windows 7 Enterprise from around 2009). When I tried to turn it on, it was already complicated because I got a black screen with options, but the keyboard wouldn’t let me choose the st… Continue reading Is my home network infected? [duplicate]
With all the tools legally available to “secure” one’s connection to the internet nowadays, why aren’t government organisations like the CIA taking any action against the companies and people behind these applications/services, such as Duc… Continue reading Secure web browsing and the internet