friday 13th, september 2024
"your bitwarden vault contains (hopefully) all of your passwords and other sensitive data, so it would be good to have a backup of it in case something goes wrong..."
source: davidisaksson.dev // david isaksson format: text year: 2023 cache: webarchive provided by: eric
sunday 1st, september 2024
"it used to be so easy. never, ever open a doc of an xls file from someone you don’t know. ah well, those simple, early days of phishing are long gone. mind you, people still fall for those attacks, but now phishing attacks have a new, novel way of getting on your pcs. perception point’s incident response team has discovered a new way to phish using html files to conceal malicious scripts..."
source: thenewstack.io // steven j. vaughan-nichols format: text year: 2023 cache: webarchive provided by: eric
tuesday 20th, august 2024
"over a hundred certificate authorities (cas) have the power to issue certificates which vouch for the identity of your website. certificate authority authorization (caa) is a way for you to restrict issuance to the cas you actually use so you can reduce your risk from security vulnerabilities in all the others. setting up caa is an easy way to improve your website's security..."
source: sslmate.com format: text year: 2022 cache: webarchive provided by: eric
sunday 11th, august 2024
"a web application frontend often performs requests to a backend api. even though this api is only supposed to be used by the frontend, it is usually also accessible with a browser. an attacker can use this to exploit vulnerabilities..."
source: sjoerdlangkemper.nl // sjoerd langkemper format: text year: 2023 cache: webarchive provided by: eric
"forgetting or misusing the cache-control header may negatively impact the security of your website and your users' privacy..."
source: web.dev // arthur sonzogni format: text year: 2022 cache: webarchive provided by: eric
saturday 10th, august 2024
"when you care about providing great authentication experiences, like us (the few, the proud), there is nothing better than this chart - undeniable proof that our users are successfully logging in. and, more importantly, getting access to the features or data which that login process protects. that’s what most users are looking for, after all..."
source: fusionauth.io // hannah sutor format: text cache: webarchive provided by: eric
"php configurations are set in php.ini files. depending on how php is configured or used, the loaded ini files are different. for instance, running php-cli and running a php web app won’t make use of the same. the way how the directives in php.ini can be set is ruled by different modes..."
source: borelenzo.github.io // borel enzo format: text year: 2023 cache: webarchive provided by: eric
monday 22nd, july 2024
"security is as important as the website’s content and seo, and thousands of websites are hacked because of misconfiguration or lack of security. if you are a website owner or security engineer looking to protect your website from attacks by clickjacking, code injection, mime types, cross site scripting, cookie hijacking etc. then this article will help you in a great way..."
source: rsupernova.com // rajesh kumar format: text year: 2022 cache: webarchive provided by: eric
sunday 21st, july 2024
"offensive security drives defensive security. we're sharing a collection of saas attack techniques to help defenders understand the threats they face..."
source: pushsecurity.com // jacques louw format: text year: 2023 cache: webarchive provided by: eric
"this is a comprehensive guide to content security policy (csp). if you build websites for a living, csp is an important concept to know, understand, and implement to protect your users from cross-site scripting (xss) injection attacks. this post covers (almost) everything you need to know about csp..."
source: writesoftwarewell.com // akshay khot format: text year: 2023 cache: webarchive provided by: eric