PCI compliance (PCI DSS) for Front End

I am currently working on the project and one of its features is e-commerce, such that our system should take care of security for users' credit card information and other credential information. I know that any web service that deals with users' ...

2017-01-11 23:01 (1) Answers

C# Windows Form. PowerShell script security

I have a Win Form App (C#) whose buttons call a PowerShell script. If I share this app (exe file) I also need to attach all the ps1 files with it. For security reasons, I want to make sure users are unable to open the ps1 files and read the scripts. Is it possible to m...

2017-01-11 21:01 (1) Answers

Memory Forensic / Security - Inline-Hooks

I'm preparing for an exam in a Volatility/Rekall course and I'm having a hard time understanding, how inline hooks work. From my understanding, it is possible to inject a DLL and code into another process, because we are able to allocate memory and r...

2017-01-11 20:01 (0) Answers

How can the machine key be safely rotated?

Our app has the <machineKey> set in the web.config: <machineKey validation="HMACSHA256" validationKey="some-validationkey" decryption="AES" decryptionKey="some-decryption-key" /> It is used to encrypt/decrypt many things built into ASP...

2017-01-11 18:01 (0) Answers

Testing Web Plugins

I am working on analysing a password manager web plugin. I need to test the web plugin for vulnerabilities. The password manager web plugin interacts with its counterpart -- an independent desktop application -- for its functioning. The passwor...

2017-01-11 17:01 (0) Answers

Spring Security test returns 401 (unauthorized)

In this documentation, Spring Security MVC Test, it is described how to test secured resources with Spring Security. I followed all the steps provided, but accessing a protected resource still returns the error code 401 (unauthorized). Here is my tes...

2017-01-11 17:01 (1) Answers

Access on business objects: security or business?

Here is a philosophical question. If you have some business objects in your application, a contract for example, and you want to define that only some users have the right to modify and delete this contract based on the fact that the user has created it o...

2017-01-11 16:01 (0) Answers

Convert string from database to SecureString

How can I limit (memory) exposure of an unencrypted string stored in a database when it is transferred from the database to a local SecureString variable? Is the string, after it arrives from the database but before it gets converted, just as vulnerable as ...

2017-01-11 12:01 (1) Answers

Support for file security in .Net Core

We were porting a .Net 4.0 class library to .Net Core 1.1 and got stuck with an issue of very limited support for file security and permissions in the .Net Core CLR. We were trying to set the access control permissions on a file as below, and it seems that Fi...

2017-01-11 08:01 (1) Answers

Content-Security-Policy refused to connect to

Refused to connect to 'https://w1xxx.ldxxx.net:7031/direct/v1609/something?preview=FALSE' because it violates the following Content Security Policy directive: "default-src 'unsafe-inline' 'unsafe-eval 'self' *.googleapis.com *.google-analy...

2017-01-10 22:01 (1) Answers

WordPress compromised but I do not know how

Today my WordPress site was compromised, so it now serves a JS script that redirects to a spam site. I looked inside the Apache logs to reconstruct what happened, but I can't work out how to interpret this: xx.xx.xx.xx - - [09/Jan/2017:10:24:42 +0100] "GET ...

2017-01-10 18:01 (0) Answers

Exposing RESTful WCF service over HTTPS

I've poked around dozens of blogs and SO questions and still can't get this to work. I can load my service over HTTP, but I get the following error over HTTPS: Could not find a base address that matches scheme http for the endpoint with binding ...

2017-01-10 16:01 (1) Answers

Authentication for Kibana server

We are using Elasticsearch 2.3.4 and Kibana 4.5.3 in our application. We would like to add authentication to our Kibana server. That means, when opening the Kibana server from a browser, it should prompt for a user name and password. We are looking ope...

2017-01-10 14:01 (1) Answers

What does {login} mean?

I have a WordPress website, where I have a plugin which shows me when a login attempt has been made way too many times. It shows me someone has been trying to log in with the username {login} and failed 7 times. What does this mean? Should I be...

2017-01-10 09:01 (1) Answers

Generating an MD5 hash from a char[]

I found a solution to this problem here. private byte[] toBytes(char[] chars) { CharBuffer charBuffer = CharBuffer.wrap(chars); ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer); byte[] bytes = Arrays.copyOfRange(byteBu...

2017-01-10 03:01 (1) Answers

Handling secure login page in protractor

My team is working to use AngularJS and Polymer components for a new web app. I am looking into how to create a UI automation suite for this. After lots of research, it looks like Protractor may help me out here with some tweaks to handle Polymer. But, t...

2017-01-10 00:01 (1) Answers

How does CurveZMQ security work?

From their documentation: Clients and servers have long-term permanent keys, and for each connection, they create and securely exchange short-term transient keys. Each key is a public/secret keypair, following the elliptic curve security mo...

2017-01-10 00:01 (2) Answers