Getting the security right in applications is tricky. Most developers did not undergo professional security training and are not adept in such topics. At least I know I’m not. Luckily, multiple tools can help us achieve a relatively good security posture. Snyk, CodeQL and GitGuardian are good examples. In some cases, even a deployment framework […]
Read this article to learn more about autofill settings in Google Chrome. How to enable or disable the autofill feature, where to find these settings, and how to use them to advantage. Introduction One of the main priorities in further development of Google Chrome is to make it more functional and help users save time, […]
Encoding, hashing e encryption são conceitos comuns aplicados e discutidos ao tentar proteger os dados. Muitos devs afirmam usar métodos e padrões de criptografia fortes, mas é necessário que uma equipe de segurança avalie se realmente é apropriado.👌 Vamos dar uma olhada nas diferenças entre o uso adequado de encoding, hashing e encryption. Encoding Encoding(codificar) […]
While working with the computer, you must have seen a number of errors, and one of them can be A disk read error occurred. Press Ctrl + Alt + Del to restart or BOOTMGR is missing. Press Ctrl + Alt + Del to restart. Read this article on the causes behind these errors and how […]
There is a little legwork to do if you plan on using SVG in WordPress. For fair-enough reasons, WordPress doesn’t allow SVG out of the box. SVG is a markup syntax that has lots of power, including the ability to load other resources and run JavaScript. So, if WordPress were to blanket-ly allow SVG by […]
Kube-hunter – An open source tool that hunts for security issues in your Kubernetes clusters.. Kube-hunter hunts for security weaknesses in Kubernetes clusters. This tool was developed to increase awareness and visibility for security issues in Kubernetes environments. Kube-hunter Github https://github.com/aquasecurity/kube-hunter Ways to Run kube-hunter Three Ways for deploying kube-hunter. On Pod, On Machine, Container. […]
Typically, encrypted data is a binary data. But in some cases, database structure suggests using the original data format (string, int). Data tokenization works for the same goal as encryption but allows storing data in its original format. Use Acra Community Edition for free. Check out Acra Enterprise Edition tailored for solutions with high security […]
Table of Contents Introduction A simple session management flow The need for authentication The need for authorization The purpose of access tokens Session Expiry Access Tokens Reference Tokens Authorization flow Considerations while using reference tokens Value Tokens Authorization flow Considerations while using value tokens Conclusion Introduction Session management is the process of maintaining a session […]
⚠️Disclaimer: This article is for educational and training orientation, we are not responsible for the misuse of the techniques and explanations mentioned in this article and / or the use of the tools mentioned / provided, also we do not assume responsibility for the actions carried out with the information of the same. Please use […]
Level Up Your Website By Increasing Your Security Score Continue reading on Level Up Coding » Source: Level Up Coding
Learn why using a Universal Secrets Platform is the key to managing environment variables at scale and eliminates the need for syncing .env files. The benefits of using environment variables to keep secrets out of source code are well established. But are .env files the best method for managing them? Secrets management has evolved beyond […]
How can we make the OAuth flow secure in Single Page Applications (SPA)? In this article, let’s find out what is the potential threats… Continue reading on Level Up Coding » Source: Level Up Coding
Read this post to learn everything to know about TLS certificate revocation protocols: OCSP and CRL. How to use OCSP and CRL for validating TLS certificates in Go apps? Even though Golang has native support for TLS, it has extremely limited support for OCSP and CRL. So, what should you do then? OCSP (Online Certificate […]
Read this post to learn everything to know about TLS certificate revocation protocols: OCSP and CRL. How to use OCSP and CRL for validating TLS certificates in Go apps? Even though Golang has native support for TLS, it has extremely limited support for OCSP and CRL. So, what should you do then? OCSP (Online Certificate […]
Last December, Log4Shell shortened the nights of many people in the JVM world. Worse, using the earthquake analogy caused many aftershocks after the initial quake. I immediately made the connection between Log4Shell and the Security Manager. At first, I didn’t want to write about it, but I’ve received requests to do so, and I couldn’t […]
Hello 👋🏻 Devs, Recently delivered session at DevSecOps Conference 2022 on Infrastructure as code (IaC) and how to keep secure and best practices to follow. Writing this blog on similar topics for references. To deliver this session I did a lot of research and read many blogs to collect all information. This information is totally […]
YouTube video Podcast: Episode In this episode we will look at 18 ways in which your Hashicorp Vault server or any Linux server in general can be attacked. We will also discuss on how to prevent those and secure your server. This process is also known as production hardening. Written by, .ltag__user__id__378811 .follow-action-button { background-color: […]
How to set up Vault in High Availability ( HA mode ) with MySQL as storage backend In this tutorial we will look at how we can use MySQL as a backend to Vault. This setup will involve end to end TLS. We have already seen how to setup Vault with TLS frontend. We also […]
Sitemap | Terms | Privacy | Cookies | Advertising