Having read the Angular security guidelines, I would like to: configure the content security policy; enable the trusted types enforcement. Here is how I changed m
For a thesis project, I have set up a Cowrie honeypot within an Azure VM running Debian. I am interested in, in addition to the regular logs, extracting specifi
For legal reasons we can't send the email to HIBP in clear text. Regarding "Domain Search" functionality, there's no API (as far as I know). It works by sendin
When I scan my Angular project using npm audit it will show some vulnerabilities. I have found several solutions to make them fixed. But my question is what are
I am new to Keycloak; whether the user creation should happen in my application or at Keycloak
I have some existing code that looks like this. i = new Function("obj", "_", s); The parameter s contains executable JavaScript code, as a string. At a late
I am working on one project and we are using the tool Whitesource for our project. The system Whitesource usually tells me that I need to update some dependency. No
I have a very simple TagHelper which will add the current CSP nonce to a specified tag. This is all working fine until I start using asp-append-version along wi
I'm trying to secure an Angular app with a Keycloak server. I've followed some tutorials that give more or less the same instructions in order to do so, but I
Currently I am building a REST API using Laravel. For authentication, I am using the Sanctum package. Every time a user is logged in it generates a token that look
I noticed that for Flutter there isn't a plugin or similar that manages security vulnerabilities of apps. The code can be obfuscated with the --obfuscate optio
I want to add a custom ModSecurity (V3) rule that can block all user agents, and allow me to whitelist certain User Agents from a file. If this is possible, if
I want to use the log4j library for my web app that is created with Java 6. Which version is safe for me? Do you recommend log4j or log4j2 consid
I'm designing a webhook receiver to work with a third party (over whom I have no control). The third party sends events (HTTPS) on behalf of our users that are
I am writing an API in Spring Boot that I want to secure using Keycloak. After doing some setting up, I managed to get the keycloak adapter to work. While I was
I know it's bad practice to have environment variables containing backend API keys on the client side (React). How insecure is this practice? These keys are inj
I am not really a true developer, so I apologize in advance for the naivety. How secure is HTTP POST over 4G LTE/NB-IOT? We aren't sending any sensitive data (t
Possible duplicate, but couldn't find any clear answers. Dependabot cannot update nth-check to a non-vulnerable version The latest possible version that can be
I am working on a Java web app and I am setting the jsessionid attributes: HttpOnly, Secure and SameSite in the doFilter() method of InitSession class. I have t