web service – Page 5 – WindowsTechs.com

Why must I send certificate and private key when make HTTPS requests? [duplicate]

Posted on October 29, 2020 by pasta_sauce

In my company, we are issued .p12 files and extract the certificate and private key like so:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes

These are now … Continue reading Why must I send certificate and private key when make HTTPS requests? [duplicate]→

Based on these HTTPS requests what type of attack is this?

Posted on October 7, 2020 by theoneandonly2

I’m seeing over 1000 attempts to hit my API endpoints with many 500 responses. It seems clear that the would-be attacker is attempting to poke around the APIs, but it isn’t clear to me what type of attack they’re attempting. Hoping someone… Continue reading Based on these HTTPS requests what type of attack is this?→

Exposing different services on the same port

Posted on September 21, 2020 by user3427483

My current project contains multiple heterogeneous TCP servers, but our IT guys have clearly declared that they will give me only one 443 port, which is fair enough.
Two options are on the table now. One is VPN. We can set up a VPN serve… Continue reading Exposing different services on the same port→

Exposing different services on the same port

Posted on September 21, 2020 by user3427483

Are there services to detect data breaches?

Posted on September 15, 2020 by Martin Thoma

There have been quite a lot of data breaches in the past and I wonder how the companies got to know them. Were they only finding it in the news? Did individuals inform them?
What about small data breaches, e.g. if you have a user who has a… Continue reading Are there services to detect data breaches?→

Making S3 objects viewable only for logged in users

Posted on September 10, 2020 by ranban282

As a service provider, I allow logged in users to upload documents to a web server, and upload it to S3. The logged in user should subsequently be able to view his own documents, and I want to serve it directly from S3, with some token-ba… Continue reading Making S3 objects viewable only for logged in users→

Store cookies for multiple sites on remote server and connect from multiple clients

Posted on August 23, 2020 by reed

Would it be secure to:

Store all my website cookies (stack sites, webhost, github, web-based email, etc) on a remote server (using an customized open-source VPN or something)
Login to the server with password + 2fa (and maybe have a trust… Continue reading Store cookies for multiple sites on remote server and connect from multiple clients→

Does content-type header having a blank value in the response body, cause any security problem?

Posted on July 30, 2020 by Pawan Dwivedee

I have one HTTP request which is responding with no content value (No response body).
Is it necessary to have a content-type header specified for these kinds of responses?

Continue reading Does content-type header having a blank value in the response body, cause any security problem?→

Detecting a web based MITM attack?

Posted on July 15, 2020 by paul

I’ve been looking into ways to detect a Man In the Middle attack, when the client has "duped" into trusting third party CA. Examples of this are, anti-virus applications and corporate firewalls who are now installing their own c… Continue reading Detecting a web based MITM attack?→

How long does a secret URL need to be?

Posted on June 8, 2020 by Martin Thoma

I’m currently creating a small service where users can upload images (just a free time project). The images are either private, public (unlisted) or public (listed).

Now I’m wondering for public unlisted content how long the URL should be… Continue reading How long does a secret URL need to be?→