Security

81 bookmarks
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.
·praetorian.com·
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https:...
·github.com·
TLS Certificates - For The Rest Of Us
How does your browser know a website is legit? This post simplifies TLS, certificate validation, and the trust chain behind secure connections
·tusharf5.com·
API Security: Key Protocols - APIDNA
Here we go through some of the essential protocols required for robust API security.
·apidna.ai·
Securing HTML fragments returned by API endpoints
A web application frontend often performs requests to a backend API. Even though this API is only supposed to be used by the frontend, it is usually also accessible with a browser. An attacker can use this to exploit vulnerabilities.
·sjoerdlangkemper.nl·
Secure Code Review Tips to Defend Against Vulnerable Node.js Code
How do you identify vulnerable code patterns? Can you spot insufficient input validation? Enhance your Node.js development security with this guide to secure code review.
·nodejs-security.com·
The reckoning on cloud container and serverless security
Ephemeral infrastructure's transient nature has afforded it a 'free pass' on forensic examination in the past, but that window is closing.
·technologydecisions.com.au·
What the !#@% is a Passkey?
A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
·eff.org·
Serverless Security: Protecting Functions in the Cloud
Serverless computing has revolutionized the way applications are built and deployed in the cloud. By abstracting away servers, serverless…
·medium.com·