Collaborate Disseminate
I have Apache installed on a Linux server. The site hosted by Apache supports file upload functionality. Should I use some kind of plugin for Apache to check those files or should the OS take care of it (sandbox like cuckoo)?
Continue reading Checking for malicious file upload on web site
I am a programmer but I am currently learning about web development in general. I’m creating a server on my local host using nodejs and express. It’s available on my local host but I want to test it with a domain I have, so I can access it… Continue reading Is it safe to open a server application on the internal network to the public internet
I’m building some simple dashboard app for myself, but I want to have them on multiple devices – hence the server and front end. As I will be the only user who will access the application server, what security should I implement?
Stack:
Po… Continue reading Securing application server for a single user
A vulnerable website blocks almost everything that is related to PE (Privilege Escalation), but when encoding the ls -al code into a base64 format, the website doesn’t block the dangerous code (at Scan Time), will the web server detect and… Continue reading Will a Web Server detect a base64 encoded reverse shell on run time?
Which hacking tool makes a request and does not show up on web-server logs?
/en/latest/ has been requested over 116, we don’t have this URL on the website at all!
The request to that URL does not show up on web-server logs but I setup goog… Continue reading Hacking Attempt Requests Not showing Up on Webserver Logs But Google Analytics Shows it
I’ve been preparing to deploy an Express server using Helmet.js for some added security. I’ve been reading through their docs to make sure I understand what I am doing here, and I don’t understand one of their features:
“IE No Open”:
I read that uuid does not bring any security advantages
But I can’t find why It doesn’t bring a little bit of extra security in the scenario below ?:
Consider that right now the session id is encrypting the auto-increment id (no uuid is … Continue reading using Uuid for security
I have a project that I have to present on a Zoom call for my AP Computer Science class. I have a flask site that I am running off of my laptop onto a port forward. When I run the server it says:
WARNING: This is a development server. Do … Continue reading Is it safe to run a flask server in a development environment?
I found this question I want to host a server from my home computer; safe? that indicates that hosting anything connected to the open web on a private is a great security risk. As I am totally new to this topic, I wonder if tunneling the t… Continue reading Security risks by hosting a Nextcloud on home PC via virtual server
I’m developing a set of internal websites and services for a customer who has high levels of bureaucracy and strict formal rules about many things, one of them being “not storing passwords in plain text”.
So, when they inspected my system… Continue reading How to protect web server private keys on Ubuntu with Nginx without exposing any plain text credentials?