[webapps] HughesNet HT2000W Satellite Modem – Password Reset
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 – Authentication Bypass
What Server Temp Key algorithms are allowed in each SECLEVEL?
I found that I can print information about the cipher suites allowed in each SECLEVEL with
openssl ciphers -v -s -tls1_2 'EECDH+AESGCM @SECLEVEL=2'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-R…
Modsecurity parse nested keys in json
I am writing an exception rule. I have the JSON:
{"pageNumber":0,"pageSize":100,"sorts":[{"field":"hex","direction":"ASC"}],"filters":[{"field":"…
how to protect a string (secret key) in my env file in node.js project?
I have a node.js project which is implemented in the nest.js framework.
There are some apiKey and secretKey values in my env file; I want to protect these keys from anyone, even the host administrator, so I compile my entire project with the pkg module to a binary…
Basic monitoring of web applications (http headers, HSTS)
I would like to set up some basic monitoring of outgoing traffic for a number of web applications and APIs running in AWS. E.g.
Ensure specific http headers are in place (Content-Security-Policy and Strict-Transport-Security must be pres…
ReDOS – Vulnerability found, but DOS not possible
I have an API which is protected by AWS Cloudfront. I found a ReDos in one of my API Endpoints. The endpoint looks like this:
https://mywebsite.com/api/myendpoint?apikey=xxxx&namefilter=yyyy
The user specifies the apiKey and a namefilt…