Content about Security
94 posts in total
Page 5 of 7
Responsible disclosure
You double checked, triple checked, even quadruple checked, and it is really there! You have just found a vulnerability in someone else's system. Maybe you just got access to something you shouldn't have, you can prove that an attacker could easily take down the system, or you found your way around the payment process in a shop. Whatever the bug, you now need to disclose it, but in a responsible manner.
Heads-Up, ZAP!
The Zed Attack Proxy (ZAP) is one of our go-to tools for doing security assessments and testing applications. Tia Firing wrote about this last year, check it out. This year we were excited to learn that a new feature called Heads Up Display was introduced in the latest version.
Stuff we listen to
After an eventful, or not, weekend, nothing beats listening to some fine entertainment while taking a walk, going skiing in the woods or while cranking out some code on your hobby research project. Today we are happy to share some of our favorite podcasts this year.
OWASP Mobile Top 10
The Open Web Application Security Project (OWASP) maintains and releases the well-known OWASP Top 10. It is a list of the most critical security risks in web applications today. When developing mobile applications, security is of no less importance. However, the risks and vulnerabilities may be a little different. Therefore, OWASP developed another top 10 list, OWASP Mobile Top 10, which lists the 10 most critical security risks and vulnerabilities for applications running on a mobile platform. In 2018, NowSecure claimed that 85% of mobile applications available on the App Store or Google Play violated at least one of the risks on the list. In this article, we will give you a brief summary and introduction to which risks we are talking about.
Here, have my biometric data, I don't care.
Some grocery stores in Norway use fingerprints for verifying the user's age when buying an item that is age-restricted. The security of this solution gets a thumb up 👍
Encrypted DNS
When we browse the web today, most of the traffic is encrypted. Usage statistics from Google show that about 90 percent of the websites loaded in the Chrome browser are loaded over HTTPS. Even though much of the content we upload and download over the internet is protected, there is still a lot of other information about our internet activity that is available to unauthorized parties.
CSP - done right
Okay, so you want to secure your app with a CSP policy. Great! But where to start, and what do you do if some parts of your app are out of your control?
Bug Bounty - The modern treasure hunt
So, you would like to be one of the cool security researchers that find vulnerabilities in the most used websites in the world, saving millions from the bad guys, and maybe make some cash along the way? Well, this is your lucky day! It's time to learn about bug bounties!
Secure Quick Reliable Login (SQRL)
In case you haven't noticed: Passwords suck. Fortunately alternatives to that age-old authentication scheme are finally becoming practical. Today we will look at SQRL (Secure Quick Reliable Login), which aspires to become the simple and secure solution for your every-day authentication needs.
The annual Security Christmas calendar
Welcome to the annual Security Christmas Calendar. After weeks of research and writing we are super excited to finally be able to present this year's calendar.
Secure and Merry Christmas
Secure your local network
Christmas is coming soon, and you might find new shiny gadgets under your Christmas tree. Now it is important to set up these new shiny gadgets securely.
Scanning Vulnerable Dependencies
When creating a web application, it is almost impossible to create it without relying on third party dependencies. But how do you know that the dependencies you use are secure?
When developers disclose information
Information sensitivity is a problem that can bring your organization to its knees. What do you do when disaster strikes?
Insecure Direct Object Reference
When creating a web application, or a web site with more than one page, you will need to reference different resources. If you create a blog, you need to create unique paths to all the blog posts, like we are doing in this Christmas calendar. You can see that the URL is https://security.christmas/2018/20, where 2018 is a reference to the year, and 20 to the day of December. It is a fairly simple system, and you may have tried to skip ahead, only to be met by a page saying you have to wait a bit longer?