Being Cellfish
Stuff I wished I've found in some blog (and sometimes did).
Showing posts with label security.
2024-05-06
Yet another reason to love Go: math/rand/v2
With the recent explanation of how math/rand evolved into math/rand/v2 I got reminded why I first fell in love with Go. Design decisions ...
2023-03-30
Using soft limits to prevent abuse with good user experience
When you develop a service you will probably run into a situation where you want to put in some arbitrarily large limit on something to preven...
2016-09-29
What is the most vulnerable operating system?
For whatever reason I needed some data on what the most vulnerable operating system was and instead I stumbled over some questionable use of...
2016-08-18
When your employer is phishing
A couple of months before I left my previous job I received a suspicious email - apparently I've received a fax and it was inside a link...
2016-05-12
Preventing cross-site request forgery (CSRF)
Since I stumbled over a pretty good introduction to what CSRF is I figured it was worth a few lines.
2016-04-14
All you ever wanted to know about password hashing
Well sometimes I'm lucky and somebody else writes something so I don't have to. Since you should assume that your system will be bre...
2016-02-18
Go, maps and randomization
A couple of years ago it was very easy to DoS attack .Net web services as the headers were added to a dictionary. Back then the hash of the ...
2015-12-10
Do I need to remove the Server header from my HTTP responses?
You might have heard the recommendation that your web server should not return the Server header to reveal exactly what software is being us...
2015-11-19
Is logging raw HTTP requests ok?
When you are working on services that need to scale to millions of users you typically come to the conclusion that you will never be able to...
2015-11-05
Preventing DoS attacks with puzzles
So when a web service is getting too much traffic it starts returning the 503 status code. Well-written services also return the Retry-After...
2015-09-03
Secure(r) IIS settings
If you are using IIS as a webserver you are probably interested in making sure the service is configured to be as secure as possible.
2015-08-20
Understanding HTTP Strict Transport Security (HSTS)
I'm not going to explain it all myself since it was explained in an excellent way here. However below is the executive summary.
2015-08-13
Black Hat USA 2015 report
Last week I told you about my training experience at Black Hat 2015. Now it is time to talk to you about the briefings and the business hal...
2015-08-06
Black Hat USA 2015
I'm attending Black Hat 2015 USA. This is my first time at Black Hat or any other security related conference and here are my first impr...
2015-06-04
Returning 403 or 404 - that is the question
I think it is safe to say that anybody who is serious about security will tell you that security through obscurity is no security. Yet a l...
2015-05-14
Email as password manager?
A lot of people these days rely on some (software) password manager to keep track of all different passwords you need. Obviously there are t...