XML Injection on fortify issue

I have the below code in my project: XPathDocument document = new XPathDocument(new StringReader(xml)); return document.CreateNavigator(); Fortify is flagging XML injection in the above code. How do I solve this XML injection? ...

2017-02-22 20:02 (1) Answers

Security audit for product based web application

We are developing a web product application with the tools like Spring Boot, Apache Shiro, Hadoop, Stream sets and we are using HAProxy for Load Balance and DB with Postgres SQL and Apache Sling. 1. Is there a security audit framework available to t...

2017-02-22 14:02 (0) Answers

Authentication 'Proxy' with API

I am trying to build an API for an authentication service and have a few questions. The goal is, to offer a bundled Login Service where I can integrate several login possibilities without the Service Provider (SP) caring about implementing a lot of d...

2017-02-22 10:02 (0) Answers

JBoss 1-way and 2-way SSL simultaneously

I have a JBoss application with multiple endpoints. All these endpoints should be available to any user over one-way SSL (HTTPS), except for a specific endpoint (let's call it /app/sensitive) which should only be accessed by a specific machine (i.e. 2...

2017-02-22 00:02 (1) Answers

How practical would this JWT Implementation be?

Disclaimer, I'm new to JWTs, so if any of this makes no sense at all, you now know why lol. Motivation The security problem this implementation is trying to solve can be summed up by this scenario: Legit user logs in to the website using a publi...

2017-02-21 20:02 (2) Answers

OPC-UA BadSecureChannelClosed

I have two Windows services; one service (service1) connects to two OPC-UA servers, and this works fine. The other Windows service (service2) connects to the same two OPC-UA servers with identical connection code from the OPC-UA foundation's .NET reference s...

2017-02-21 17:02 (1) Answers

Auditing Android App File Creation

I am trying to observe what files are created when an Android app is installed and when it is run. I am looking for a workflow to audit Android apps. Specifically, to determine what files are created by the application during installation and when i...

2017-02-21 16:02 (0) Answers

How do you disable users in AAD?

I've got a user who signs in at 12 PM to an asset exchange using AAD for authentication. At 1 PM I discover that they're violating the exchange rules and I go into the Azure Portal and block the sign-ins for that user. As nearly as I can tell, this...

2017-02-21 14:02 (1) Answers

C# simple exception output

I am making a program which needs to output any errors that occur, but in a timely fashion; it is a program for password recovery. How can I change the exception text variable, which is probably a string, to only the actual exception minus all the u...

2017-02-20 20:02 (1) Answers

Apparmor on Docker Swarm

I read on the Docker documentation that it is possible to load custom AppArmor policies and ask Docker to load them for a specific container. Is it possible to use these policies also on Docker Swarm services (provided that all nodes of the cluster ...

2017-02-20 18:02 (0) Answers

Identify android device after reset

I want to identify an Android device even after a total factory reset. I know that I can use the android-device-id, but it changes if the user resets the device. As the MAC address is not available and the IMEI is not on every device, like tablets without...

2017-02-20 16:02 (0) Answers

Is 302 redirection secure? Can it be intercepted?

If the browser requests a resource X which returns 302 and redirects the browser to Y using some parameters in GET, is there a way in JavaScript or manually in the browser to change these parameters? So basically: browser requests X, browser recei...

2017-02-20 16:02 (0) Answers