For legal reasons we can't send the email to HIBP in clear text. Regarding "Domain Search" functionality, there's no API (as far as I know). It works by sendin
When I scan my Angular project using npm audit it will show some vulnerabilities. I have found several solutions to make them fixed. But my question is what are
I am new to Keycloak, whether the user creation should happen in my application or at Keycloak
I have some existing code that looks like this. i = new Function("obj", "_", s); The parameter s contains executable JavaScript code, as a string. At a late
I am working on one project and we are using the tool Whitesource for our project. The system Whitesource tells me usually that I need to update some dependency. No
I have a very simple TagHelper which will add the current CSP nonce to a specified tag. This is all working fine until I start using asp-append-version along wi
I'm trying to secure an Angular app with a Keycloak server. I've followed some tutorials that give more or less the same instructions in order to do so, but I
Currently I am building a REST API using Laravel. For authentication, I am using the Sanctum package. Every time a user is logged in it generates a token that look
I noticed that for Flutter there isn't a plugin or similar that manages security vulnerabilities of apps. The code can be obfuscated with the --obfuscate optio
I want to add a custom ModSecurity (V3) rule that can block all user agents, and allow me to whitelist certain User Agents from a file. If this is possible, if
I want to use the log4j library for my web app that is created with Java 6. Which version is safe for me? Do you recommend log4j or log4j2 consid
I'm designing a webhook receiver to work with a third party (over whom I have no control). The third party sends events (HTTPS) on behalf of our users that are
I am writing an API in Spring Boot that I want to secure using Keycloak. After doing some setting up, I managed to get the Keycloak adapter to work. While I was
I know it's bad practice to have environment variables containing backend API keys on the client side (React). How insecure is this practice? These keys are inj
I am not really a true developer, so I apologize in advance for the naivety. How secure is HTTP POST over 4G LTE/NB-IOT? We aren't sending any sensitive data (t
Possible duplicate, but couldn't find any clear answers. Dependabot cannot update nth-check to a non-vulnerable version. The latest possible version that can be
I am working on a Java web app and I am setting the jsessionid attributes: HttpOnly, Secure and SameSite in the doFilter() method of InitSession class. I have t
I am trying to do a Twistlock scan on an image and I can see a compliance error stating "Private keys stored in image". I have not hardcoded any keys in the image.
While running Checkmarx on an Angular 13 project, the report results in an 'Unchecked Input For loop Condition' medium issue. Even after limiting the object length