Collaborate Disseminate
Imagine that there is server required authentication for getting an access to some endpoint.
And developer added some logic to bypass the authentication: if server recieve HTTP header give_me_access=true, then server answers without requir… Continue reading Is there way to know what headers can be accepted by HTTP server?
My friend gave me some files to decode, but seems like they are all encoded with ioncube, and i don’t have money to buy IonCube an just half the files are with me, so i can’t use the loader either because it gives me an error that somethin… Continue reading What is IonCube’s starting offset?
Can I secure a website using a simple whitelist system?
My idea is to port forward a website www.example.com on my pc.
To secure it, I want to add a whitelist system. It will work like this:
When the server receives a request, it will read… Continue reading Restrict web access with whitelists
I am setting up a webserver and learning what is needed to get fully setup and secured. One of the things that I am learning about is firewalls and what goes into setting up a secured firewall to protect my server. I am currently using a… Continue reading Should a Traditional Firewall be setup on a server that already has a Cloud Firewall setup on it?
I have heard people say that separating the resource server and auth server makes it easier to scale but also improves the security. As I don’t know much about hacking I hope that someone could explain how separating the resource server an… Continue reading What is the benefit of separating my resource server and auth server?
I have heard people say that separating the resource server and auth server makes it easier to scale but also improves the security. As I don’t know much about hacking I hope that someone could ELI5 how separating the resource server and a… Continue reading ELI5 what is the benefit of separating my resource server and auth server?
I read this: How strict should I be in rejecting unexpected query parameters?
Answer: No, do not error out on unexpected query string parameters.
But I just got a requirement from our security guy that I must do so. Not only for unexpected… Continue reading How strict should I be in rejecting unexpected HTTP request parameters redux?
I read this: How strict should I be in rejecting unexpected query parameters?
Answer: No, do not error out on unexpected query string parameters.
But I just got a requirement from our security guy that I must do so. Not only for unexpected… Continue reading How strict should I be in rejecting unexpected HTTP request parameters redux?
I’m researching AI-based solutions to detect malicious web requests. I recently found this paper, showing that those web requests containing attack payloads are mostly malicious SQL injection/XSS attacks.
They carried out URL parameter ana… Continue reading What reasons can result in legitimate long Web/HTTP parameter values? [closed]
I was wondering if you have collected/crossed any labelled dataset in the following context for cyber-security threats:
Web requests
HTTP requests
(proxy) Web server logs
Any updates will be highly appreciated.
Continue reading Is there any public labelled dataset for Web Servers logs/ HTTP requests?