Channel: CodeSection, Code Zone, Network Security - CodeSec
Browsing all 12749 articles

Grammarly Takes Bug Bounty Program Public

The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne. Grammarly, which provides writing assistance through its online editor, is taking its bug...

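A Hands-On Guide to How Website Attacks Work and How to Defend Against Them

When it comes to web attacks, let us first look at two questions. What is a web application? What is a web threat? A web application (aka website) is an application based on the client-server model. The server provides database access and business logic. It is hosted on a web server. The client application runs in the client's web browser. Web applications are usually written in languages such as Java, C#, VB.Net, PHP and ColdFusion Markup Language. Database engines used in web applications include MySQL, MS SQL...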

Complete guide to configure SSL on Nginx with Let’s Encrypt...

Securing your websites with an SSL certificate is now a must for all website admins, else the web browsers will mark the website as unsafe to visit, causing the loss of website traffic. But SSL...

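When Vulnerability Management Meets Threat Intelligence

A thousand-mile dike can collapse because of an ant hole. The dike of security collapses because of vulnerabilities. In networks, vulnerabilities of every kind are the source of risk....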

Put Gosec in Your Pipeline to Spot Source Code Security Problems

Golang keeps trending up and to the right in programming language popularity, for many reasons. Great libraries, which means more users, which means more libraries and more...

4 Data Security Mistakes Most Businesses Make

Being competitive in the 21st century requires a business to stay on the cutting edge of technology. For years, companies all over the world have used customer data to make important decisions about...

5 Must-Read Resources for Compliance and IT Leaders in Investment Firms

Regulated investment firms use the web to gather market intelligence, to access data aggregation tools and business apps, and to communicate via webmail and social media. While many (if not most)...

FORTIGATE 80C PDF

The FortiGate/FortiWiFi 80C series are compact, cost effective, all-in-one security appliances that deliver Fortinet’s Connected UTM. Ideal for small business. View full Fortinet FortiGate 80C specs on...

Sandwich-style SBC offers four 10GbE SFP+ ports

SolidRun’s “ClearFog CX 8K” SBC is built around a “CEx7 A8040” COM Express Type 7 module that runs Linux on a quad-A72 Armada A8040. Features include 4x 10GbE SFP+ ports and mini-PCIe, M.2, and SATA...

Biometrics: Security Solution or Issue?

NYC With more transactions occurring online and, subsequently, the number of data breaches increasing, biometrics are moving to the forefront in discussions as a top way to authenticate data securely....

NetSecOPEN names founding members, appoints inaugural board of directors

SAN JOSE, Calif. Dec. 11, 2018 NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11...

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control (2015)

Abstract: “Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may b...

An Empirical Study of Web Resource Manipulation in Real-world Mobile...

Source: USENIX Security 2018. Authors: Xiaohan Zhang, Yuan Zhang, Min Yang, Xiaofeng Wang, Long Lu, Haixin Duan. Affiliations: School of Computer Science, Fudan University, Shanghai Institute of Intelligent Electronics &...

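Using Schnorr Signatures to Establish Identity in the Digital World

Humans have always been able to put what they say into written form, so cultures needed a way to determine the origin of a document. Once communication on paper became possible, it became necessary to verify whether the words written on the paper came from the legitimate originator. This article explains how humans have provided provenance for documents, and the role that evolving technology plays in this field. Provenance in history: There is evidence that the first attempts to authenticate the origin of writing date back several hundred years. One of the earliest known records dates from the time of Titus and Antoninus in the Roman Empire in the third century AD....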

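Five New Trends in Cybercrime: Zero-Day Vulnerabilities Continue to Run Rampant

Five New Trends in Cybercrime. Original author: Derek Manky. Translated by the Antiy public-interest translation group. Organizations need to start defending against the threats of 2019 now, and should be especially wary of cybercriminals using artificial intelligence (AI) "fuzzing" techniques, machine learning techniques and "swarm" techniques. To manage increasingly distributed and complex networks, organizations are adopting artificial intelligence (AI) and machine learning to automate tedious, time-consuming activities that usually require extensive human supervision and intervention....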

Accelerate your app delivery with Kubernetes and Istio on GKE

It’s no wonder so many organizations have moved all or part of their IT to the cloud; it offers a range of powerful benefits. However, making the jump is often easier said than done. Many organizations...

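Security Mini-Class No. 122: Finding DOM-XSS Vulnerabilities

XSS (cross-site scripting) is a common web vulnerability; depending on where the XSS payload is located, it is classified as reflected, stored or DOM-based XSS. By getting a victim to visit a crafted malicious link, an attacker can carry out hijacking, phishing and theft of login credentials (usually meaning document.cookie). Because JavaScript is highly flexible, DOM-XSS is a vulnerability that is relatively hard to defend against and fix in web applications, and one that appears in many scenarios....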

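Quality Monitoring: Reducing Package Size via Images

After many version iterations, the project's package size under the release configuration still easily exceeds one hundred; problems caused by an oversized app include: overtime, TEXT. Generally speaking, resource files can take up 1/3 or more of the app package, and compared with the average footprint of code (5 KB per thousand lines), trimming images is the most direct and efficient approach. There are four ways to handle image resources: download large images on request; compress images with tools; find and delete duplicate images; find and reuse similar images. Considering the division of labour in project development,...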

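The Dark Cavalry's Weapons Upgrade Battle

If a roast session were held for security operations staff, it would surely resonate with many people. Too few people and too much work, far too much; endless vulnerabilities and patches that never finish; what hollowed me out was not love but vulnerabilities... Take web applications as an example: besides coping with traditional attacks that sit firmly near the top of the OWASP Top 10, such as SQL injection, cross-site scripting (XSS), authentication and webshell trojan uploads, web applications also have to cope with a large number of emerging security threats and vulnerabilities, such as bot attacks, API data leakage and zero-day vulnerabilities....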

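NXP's Markus Hinkelmann: Beyond Logical Attacks

Today we bring the final headline item, presented by Dr. Markus Hinkelmann, chief security technology expert at NXP: "Beyond logical attacks". First, what is a logical attack? It is easy to understand: say there is a device, and a hacker can send arbitrary data to it through a particular interface, such as commands, installers and any supported function; in my definition, these are "logic". beyond logical...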
