Collaborate Disseminate
I would like to design a system consisting of multiple services, but preserve the
Clients’s oauth2 bearer token.
In this basic example, I would have System A, validating a Bearer Token for a particular user and doing some actions. Service … Continue reading Mix service to service and service to client authentication and authorization
I am interested in testing a website’s new feature which is available on a single a web page (addition in original website) and have some editable fields. Other than checking input validation on those fields through MITM (which I am doing … Continue reading Penetration Testing of a Web Page instead of whole site
Please forgive the vagueness of the question title.
I am currently working/designing an opaque storage of immutable files. The purpose of the service is simple: storing files and being able to retrieve them by their identifier.
As the serv… Continue reading Does a hash-based storage cache design require additional access-control?
I’d like to implement a RESTful API service over HTTP that developers can call from their server side environments.
I intend to use a cryptographically secure pseudo-random number generator (CSPRNG) to generate keys and then convert the bi… Continue reading Is using a developer key to protect a REST API good practice?
I am searching for API Authentication Security Guidelines, but I can not find what I am searching for and I am confused.
Actually, I want more details regarding the API Authentication.
Authentication using API Keys. API keys can’t authent… Continue reading API Authentication Security
Is there an online service which allows to download a file from a URL directly zipped?
I want to analyze a potential malicious JavaScript file with some automatic anti virus engines but I don’t want to download the file unzipped. Furthermo… Continue reading Online service to download file from URL directly as zip
I’m attempting to scaffold out a development training project, and am looking for some kind of service that provides an api that I can POST a chunk of code to (in whatever language specified), and return the results or errors of running th… Continue reading Is there a service that provides an api for running user-provided code in a variety of languages?
Backstory:
I just upgraded my MacBook from OS X 10.11.6 to the most updated version of macOS, 10.14.6 Mojave. I also have the Little Snitch network filter installed. I know nearly nothing about information security, so when I see my comput… Continue reading Hybrid-Analysis.com indicates the website that my macOS system is contacting is likely malicious
I have this form where there is an implemented Google Captcha. I don’t understand why I can submit multiple POST request using the same g-recaptcha-response and without it. Is it intended to work that way?
POST /dev-test/form.php HTTP/1.1
… Continue reading Validating g-captcha-response parameter
What are the best practices for securely storing TOTP secrets as an extra layer of security for user accounts? This would be used in a webapp login and stored in a server database so that the user can use 2FA to secure their accounts.
My d… Continue reading What’s the best practices for storing 2fa tokens? [duplicate]