Security

Security

128 bookmarks
Custom sorting
Salt Labs | Oh-Auth - Abusing OAuth to take over millions of accounts
Salt Labs | Oh-Auth - Abusing OAuth to take over millions of accounts
It’s extremely important to make sure your OAuth implementation is secure. The fix is just one line of code away. We sincerely hope the information shared in our blog post series will help prevent major online breaches and help web service owners better protect their customers and users.
·salt.security·
Salt Labs | Oh-Auth - Abusing OAuth to take over millions of accounts
Top 10 Cyber Security Threats 2023
Top 10 Cyber Security Threats 2023
# Insider Threats, #Ransomware, AI-Powered Attacks, Cloud Security, Cyber Threat Landscape, Cybersecurity Threats, Emerging technologies…
·medium.com·
Top 10 Cyber Security Threats 2023
Content Security Policy, Your Future Best Friend — Smashing Magazine
Content Security Policy, Your Future Best Friend — Smashing Magazine
The benefits of using a “content security policy” are many. In this article, Nicolas Hoffmann will introduce you to this technology, and he’ll explain why awareness is the most important advantage of CSP for website maintainers.
·smashingmagazine.com·
Content Security Policy, Your Future Best Friend — Smashing Magazine
How To Secure Your Web App With HTTP Headers — Smashing Magazine
How To Secure Your Web App With HTTP Headers — Smashing Magazine
Web applications, be they thin websites or thick single-page apps, are notorious targets for cyber-attacks. In 2016, approximately 40% of data breaches originated from attacks on web apps — the leading attack pattern. Indeed, these days, understanding cyber-security is not a luxury but rather **a necessity for web developers**, especially for developers who build consumer-facing applications. HTTP response headers can be leveraged to tighten up the security of web apps, typically just by adding a few lines of code. In this article, we’ll show how web developers can use HTTP headers to build secure apps. While the code examples are for Node.js, setting HTTP response headers is supported across all major server-side-rendering platforms and is typically simple to set up.
·smashingmagazine.com·
How To Secure Your Web App With HTTP Headers — Smashing Magazine
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] - FourCore
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] - FourCore
Adversaries can steal credentials, cookies and other private data from browsers using various techniques. We cover how you can simulate Credential Stealing From Browser s and detect it with your security tools. Sigma Rules Inside.
·fourcore.io·
Threat Hunting: Detecting Browser Credential Stealing [T1555.003] - FourCore
The UK Online Safety Bill Becomes Law, What Does It Mean?
The UK Online Safety Bill Becomes Law, What Does It Mean?
We’ve previously reported from the UK about the Online Safety Bill, a piece of internet safety legislation that contains several concerning provisions relating to online privacy and encryptio…
·hackaday.com·
The UK Online Safety Bill Becomes Law, What Does It Mean?
crowdsecurity/crowdsec: CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
crowdsecurity/crowdsec: CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
·github.com·
crowdsecurity/crowdsec: CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
Mastodon and Lemmy are turning into tiny DDoS botnets
Mastodon and Lemmy are turning into tiny DDoS botnets
I know for a fact that this site can handle the Hacker News front page as I have been on it a few times in the last two years, and today - someone
·stackdiary.com·
Mastodon and Lemmy are turning into tiny DDoS botnets
Cryptography Guidelines
Cryptography Guidelines
Guidance on implementing cryptography as a developer.
·samuellucas.com·
Cryptography Guidelines
A deep dive into Deno and its comparison with Node.js
A deep dive into Deno and its comparison with Node.js
Explore Deno and Node.js differences. Learn about Deno's enhanced module system, stable APIs, and security. Discover its use cases and drawbacks in the tech world.
·bejamas.io·
A deep dive into Deno and its comparison with Node.js
Cyberattacks Are Inevitable. Is Your Company Prepared?
Cyberattacks Are Inevitable. Is Your Company Prepared?
Preparing for the unexpected is much easier said than done. In the case of cyberattacks, many companies have vulnerabilities in their defenses and reactions they haven’t prepared for that hackers will test. Many organizations can benefit from instituting fire drills and tabletop exercises, which test a company’s response plan at every level. These exercises will almost certainly reveal gaps in security, response plans, and employees’ familiarity with their own roles. While investing in external facilitators for these exercises will often allow for a more rigorous test separate from internal dynamics, there is guidance for organizations who wish to execute internal exercises to better prepare for a cyberattack.
·hbr.org·
Cyberattacks Are Inevitable. Is Your Company Prepared?
From Akamai to F5 to NTLM... with love.
From Akamai to F5 to NTLM... with love.
In this post, I am going to show the readers how I was able to abuse Akamai so I could abuse F5 to steal internal data including authorization and session tokens from their customers.
·blog.malicious.group·
From Akamai to F5 to NTLM... with love.