Collaborate Disseminate
I have a public-facing SFTP instance. When applying the whitelist/allow-list of IP addresses that are allowed to connect to this instance, should I enforce the list on the network/firewall level, the application level, or both?
Continue reading Whitelist at network level, application level, or both?
I have an internal application that only allow whitelisted IP address to consume the API.
I have tried:
X-Forwarded-For, X-Originating-IP etc. in the headers.
None of them work.
However, with header Host: and not giving IP and some random … Continue reading Bypass IP Whitelist Restrictions
Let’s say there’s a keylogger secretly installed in an employee’s computer. The keylogger recorded a bunch of information, but the well-configured firewall blocked the keylogger from sending that information to its server.
Attacking the fi… Continue reading Is it possible to make whitelisted software do custom, malicious things?
In a discussion about sql injections, a claim was made that the actress Rachel True has computer problems due to her last name, including not being able to get an iCloud account, and not being able to get an account on one of the largest s… Continue reading SQL injection using “True” or “Null”
In a discussion about sql injections, a claim was made that the actress Rachel True has computer problems due to her last name, including not being able to get an iCloud account, and not being able to get an account on one of the largest s… Continue reading SQL injection using “True” or “Null”
In a discussion about sql injections, a claim was made that the actress Rachel True has computer problems due to her last name, including not being able to get an iCloud account, and not being able to get an account on one of the largest s… Continue reading SQL injection using “True” or “Null”
Background: At my place of work, we’re trying to block all unapproved browsers on all Windows machines and the IT Security guys did a search on our internal infrastructure and came up with a list of all the hash values of the installed Ver… Continue reading Does a database with pre-calculated SHA256 values exist for Windows EXEs?
I decided to use a whitelist approach to secure my environment (i.e blocking all inbound/outbound connections by default, unless otherwise stated).
I need to whitelist some Windows apps (not all of them) like Powershell, cmd, remote deskto… Continue reading Whitelist PowerShell, cmd, remote desktop (some Windows apps) in the firewall [migrated]
I want to know whether a solution I’m considering for a web app is particularly secure / in line with best practices etc.
Scenario – a web application, it’s a stock management app for small retailers. There is an element of sales/customer … Continue reading Query on best practice – using 2FA to self-authorise IP addresses in an allow-list
For one of our company’s clients, there is a custom portal implementation of our system on a subdomain, on our main product domain (something like client.product.company.com).
This client, happens to be a large Bank, that has provided logo… Continue reading How to White Listing a legitimate site that looks deceptive/phishing to Google? [closed]