Category "security"

The key was not found in the key ring

I have a netcoreapp3.1 application deployed to on-prem IIS instances using the .NET Core Hosting Bundle. Because the app is deployed to 2 load balanced servers

How to defend app and system from uploaded C# code

Currently, I have the WEB API that will check uploaded code from the client and run it. It is the platform for testing. For example, there is a test for users:

spring security authorization error 401 unauthorized

I'm new to spring security and I am trying to create a web application with Jwt Token the problem is that i cant authenticate it always give me 401 error with i

Unsafe object binding checkmarx spring boot application

I'm getting this alert from checkmarx, saying that i have an unsafe object binding when trying to save a comment. I've read that we mustn't save objects directl

CWE 73 External Control of file name or Path

I am working to fix Veracode vulnerability CWE-73 (https://cwe.mitre.org/data/definitions/73.html) for my application in which the input filename is dynamically

How to correctly store user secrets in a frontend Application?

I am building a Web Application where the user's data is end-to-end-encrypted. The web client obviously needs a secret that nobody else knows for end-to-end-enc

In Kibana, querying, how to search for responses of successful bruteforce attack on a password for an account and port scanning of a webserver? Thanks

I would like to learn more about using Kibana in querying/ searching indications of certain attack events, such as bruteforcing an account, scanning/enumerating

Using ssl.wrap_socket to create a socket, gives a security hotspot in security scanner

The scanner is highlighting the below line as security hotspot. mysocket = ssl.wrap_socket(http_server.socket, keyfile=self.keyfile, certfile=self.certFile, ser

Front end Sensitive info

I am building my first react app and not sure about front end security. I am making a call to the following third party library: emailjs.sendForm(serviceID, tem

Best way to protect sensitive information copying in HTML?

The company I work for has a requirement to protect some area where articles are rendered, I've implemented some procedures to protect web-scraping but the prob

Thales HSM Import Public Key (EO) error '04'

I am sending this command with a DER encoded public RSA key. 1234EO013082010a02820101ec7b6d6be7d0603e3f247c22dd0ae533f02f1216fd9099d6ec5c596eb92c95e8ee87e3437af

How worried should I be about opening up a JWT to an XSS vulnerability?

I am building a node.js web application with react for the the GUI and graphQL served with Apollo for the back-end connecting to a RDS (MySQL) instance on AWS.

How to choose a specific CIS ruleset with AWS Inspector

In AWS Inspector Classic I want to scan an Amazon Linux 2 based EC2 image against the ruleset for CIS Benchmarks Amazon Linux 2. The AMI has been hardened to th

In flutter, which is more secure using platform functions/ dependency or dart dependency?

Im building a mobile application with flutter which the security is the highest priority so what is more secure to use native code (functions/ dependency ) or u

How to hide my security features in wordpress

How can I hide the power to see wp-includes from my wordpress website, try the Hide My WP-WordPress Security plugin and it totally ruins my website, someone who

GKE Cluster Audit

What are the points to be reviewed while auditing a GKE cluster? We have a production cluster and I would like to what all points need to be reviewed while audi

Return fingerprint and save in firebase

I am trying to write an app using flutter or android studio. The user will login to the app using his fingerprint. I want to read the fingerprint and save it in

Error with ruby version on termux when I try to install metasploit

I was installing metasploit with termux and it said: termux output ~ $ ls <br> metasploit-framework storage wiki-termux<br> ~ $ cd metasploit-fram

Is it safe to use uid to store data in firebase database? [duplicate]

I plan on creating an application on flutter that uses firebase auth and cloud firestore. My plan is to create a user and the use the user's u

Blazor WebAssembly Application fails to load due to integrity errors

We have developed a Blazor WebAssembly Application that has already gone into productive usage for a certain group of customers. The Application works well in a