I know it's bad practice to have environment variables containing backend API keys on the client side (React). How insecure is this practice? These keys are inj
I am not really a true developer, so I apologize in advance for the naivety. How secure is HTTP POST over 4G LTE/NB-IoT? We aren't sending any sensitive data (t
Possible duplicate, but couldn't find any clear answers. Dependabot cannot update nth-check to a non-vulnerable version The latest possible version that can be
I am working on a java web app and I am setting the jsessionid attributes: HttpOnly, Secure and SameSite in the doFilter() method of InitSession class. I have t
I am trying to do a Twistlock scan on an image and I can see a compliance error stating Private keys stored in image I have not hardcoded any keys in the image.
While running Checkmarx on an Angular 13 project, the report results in an 'Unchecked Input For loop Condition' medium issue. Even after limiting the object length
I have a WordPress site that features a .htaccess and a file called postfs.php. But when I try to delete them, they are written again. I tried
I am trying to use Secure Webhook solution by Microsoft Azure to send Planned Maintenance Events to my web application's endpoint. However, while testing the we
I have been looking at the RBAC documentation but I cannot find something specific, like default roles or a set of privileges that will apply to a common role.
My website is set up through IIS10, and I've given my application pool user, IIS AppPool\DefaultAppPool, all the rights I can think of. But when I use this appl.
I have a simple Django project with a PostgreSQL backend and I can't seem to get rid of the Django security vulnerabilities warning signs on my terminal. Settin
I have a netcoreapp3.1 application deployed to on-prem IIS instances using the .NET Core Hosting Bundle. Because the app is deployed to 2 load balanced servers
Currently, I have the WEB API that will check uploaded code from the client and run it. It is the platform for testing. For example, there is a test for users:
I'm new to Spring Security and I am trying to create a web application with a JWT token. The problem is that I can't authenticate; it always gives me a 401 error with i
I'm getting this alert from Checkmarx, saying that I have an unsafe object binding when trying to save a comment. I've read that we mustn't save objects directl
I am working to fix Veracode vulnerability CWE-73 (https://cwe.mitre.org/data/definitions/73.html) for my application in which the input filename is dynamically
I am building a Web Application where the user's data is end-to-end-encrypted. The web client obviously needs a secret that nobody else knows for end-to-end-enc
I would like to learn more about using Kibana in querying/searching for indications of certain attack events, such as brute-forcing an account, scanning/enumerating
The scanner is highlighting the below line as security hotspot. mysocket = ssl.wrap_socket(http_server.socket, keyfile=self.keyfile, certfile=self.certFile, ser
I am building my first react app and not sure about front end security. I am making a call to the following third party library: emailjs.sendForm(serviceID, tem