Innhold om Sikkerhet

When creating a web application, it is almost impossible to create it without relying on third party dependencies. But how do you know that the dependencies you use are secure?

Information sensitivity is a problem that can bring your organization to its knees. What do you do when disaster strikes?

When creating a web application, or a web site with more than one page, you will need to reference different resources. If you create a blog, you need to create unique paths to all the blog posts, like we are doing in this Christmas calendar. You see that the url is https://security.christmas/2018/20, where 2018 is a reference to the year, and 20 to the day of December. It is a fairly simple system, and you may have tried to skip ahead, but been met by a page saying you have to wait a bit longer?

There are numerous techniques for cracking passwords, and already cracked passwords are floating around the web waiting to be used by threat actors. How can we reduce the risks concerning passwords?

As the end of the year closes in, there are no shortage of tips on how to get your home ready for the festive season. We think you should take a time out, and consider which application should still have access to your social accounts.

Containers is the currently best way to build software for platform independence, and an orchestration service manages them, but how about that security?

Having unique passwords for every site and service presents us with the problem of remembering, or rather, storing our passwords in a safe but practical matter. How do we cope with hundreds of passwords?

How the browser and the webserver can join forces to protect both the user and the webserver: Enter security headers!

Use Content Security Policy (CSP) headers to prevent loading of untrusted resources and mitigate cross-site scripting (XSS) attacks

At the beginning, web pages were very static. They were written in HTML, and the web browser had one job, to render the HTML to a page filled with text, images and links. After a few years, the developers wanted more, and JavaScript got introduced.Together with JavaScript came a new breed of vulnerabilities, where the attackers could exploit the possibility to run code in browsers, this was called Cross Site Scripting or XSS.

If your API has sensitive endpoints which returns different HTTP-responses given user action A or B, then this information is enough to infer user information which can be exploited. Learning from Tinder, let's investigate why having non-deterministic HTTP-responses are important and try to make our most business-critical API-endpoints more secure.

Cross Origin Resource Sharing (CORS) is an important concept in modern webapplication security. We will try to explain what it is.

Do you want to try more hands on security testing, but you're not quite sure where to begin? Keep on reading!

Managing certificates, and rotating them in due time can quickly get out of hand.

Did you know that an attacker could inject code into your application, which could retrieve data or do something else that you did not anticipate?