Fosstodon @fosstodon

5 posts5 participants0 posts today

halil denizSQL Injection Cheat Sheet: A Comprehensive Guide <a href="https://denizhalil.com/2025/04/02/sql-injection-cheat-sheet/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://denizhalil.com/2025/04/02/sql-injection-cheat-sheet/</a><a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#websecurity</a> <a href="https://mastodon.social/tags/sql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sql</a> <a href="https://mastodon.social/tags/sqlinjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sqlinjection</a> <a href="https://mastodon.social/tags/webapplicationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webapplicationsecurity</a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://mastodon.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ethicalhacking</a> <a href="https://mastodon.social/tags/blogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blogger</a>

Miguel Afonso Caetano"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.Best Practices Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."<a href="https://nordicapis.com/9-signs-youre-doing-api-security-wrong/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nordicapis.com/9-signs-youre-doing-api-security-wrong/</a><a href="https://tldr.nettime.org/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#API</a> <a href="https://tldr.nettime.org/tags/APIs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APIs</a> <a href="https://tldr.nettime.org/tags/APISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APISecurity</a> <a href="https://tldr.nettime.org/tags/APIDesign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APIDesign</a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebSecurity</a> <a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a>

Miguel Afonso Caetano"It is now time to fix it for good. A new solution has been proposed: partitioning visited link history. This approach fundamentally changes how browsers store and expose visited link data. Instead of maintaining a global list, web browsers will store visited links with a triple-key partition:- Link URL. The destination of the visited link. - Top-Level Site. The domain of the main browsing context. - Frame Origin. The origin of the frame rendering the link.A link is only styled as :visited if it was visited from the same top-level site and frame origin (...) This approach guarantees isolation and works well with the web's same-origin policy. The system records only navigations initiated by link clicks or scripts—excluding direct address bar entries or bookmark navigations.Key benefits of this model include: strong protection against cross-site history leaks, solving for good of many known side-channel attacks, support for meaningful styling within trusted, same-context domains, conforming to established web privacy principles and data protection regulations.This feature is already implemented in Chrome (v132, behind a <a href="https://tldr.nettime.org/tags/partition" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#partition</a>-visited-link-database-with-self-links flag). I am confident that in 2025 we are going to have this privacy headache solved once and for all."<a href="https://blog.lukaszolejnik.com/fixing-web-browser-history-leaks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.lukaszolejnik.com/fixing-web-browser-history-leaks/</a><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebSecurity</a> <a href="https://tldr.nettime.org/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://tldr.nettime.org/tags/WebBrowser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebBrowser</a> <a href="https://tldr.nettime.org/tags/WebBrowserHistory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebBrowserHistory</a>

OWASP FoundationMaster Modern Web App Security at OWASP Global AppSec EU 2025 in Barcelona!2-Day Training | May 27-28, 2025 Level: Intermediate | Trainer: Abraham Aranguren Take a 100% hands-on deep dive into the OWASP Security Testing Guide and Application Security Verification Standard (ASVS) in this action-packed course. Register now ⬇️ <a href="https://owasp.glueup.com/event/123983/register/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://owasp.glueup.com/event/123983/register/</a><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppSecEU2025</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenTesting</a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebSecurity</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Barcelona</a>

N-gated Hacker News🚨 BREAKING NEWS: Swiss passport design REVEALED! 🚨 Oops, just kidding—turns out it’s a secret so secure, even you're forbidden from seeing it. 🕵️‍♂️🔒 If only Swiss <a href="https://mastodon.social/tags/neutrality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#neutrality</a> extended to web access too. 🙄💻 <a href="https://kottke.org/25/03/the-design-of-the-new-swiss-passport" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kottke.org/25/03/the-design-of-the-new-swiss-passport</a> <a href="https://mastodon.social/tags/SwissPassportDesign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SwissPassportDesign</a> <a href="https://mastodon.social/tags/SecretAccess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecretAccess</a> <a href="https://mastodon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebSecurity</a> <a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackerNews</a> <a href="https://mastodon.social/tags/ngated" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ngated</a>

matdaveI just released a beta tool I've been trying out for a while called CSPect, for managing Content Security Policies directly in <a href="https://fosstodon.org/tags/MODXCMS" class="mention hashtag" rel="tag">#MODXCMS</a> <a href="https://extras.modx.com/package/cspect" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://extras.modx.com/package/cspect</a><a href="https://fosstodon.org/tags/CSP" class="mention hashtag" rel="tag">#CSP</a> <a href="https://fosstodon.org/tags/WebSecurity" class="mention hashtag" rel="tag">#WebSecurity</a> <a href="https://fosstodon.org/tags/CMS" class="mention hashtag" rel="tag">#CMS</a>

RelianoidApplication Layer Gateways (ALG) 🔍🚀ALGs enhance security & performance by: ✅ Enabling NAT traversal 🔍 Blocking threats (SQLi, XSS) 🔐 Inspecting SSL/TLS traffic ⚡ Boosting speed with caching & HTTP/3 🛡 Acting as a WAF Essential for modern networking! <a href="https://fosstodon.org/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://fosstodon.org/tags/Networking" class="mention hashtag" rel="tag">#Networking</a> <a href="https://fosstodon.org/tags/ALG" class="mention hashtag" rel="tag">#ALG</a> <a href="https://fosstodon.org/tags/WAF" class="mention hashtag" rel="tag">#WAF</a> <a href="https://fosstodon.org/tags/WebSecurity" class="mention hashtag" rel="tag">#WebSecurity</a> <a href="https://www.relianoid.com/resources/knowledge-base/misc/what-is-application-layer-gateway/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.relianoid.com/resources/knowledge-base/misc/what-is-application-layer-gateway/</a>

**LavX News** @lavxnews@mastodon.cloud · Mar 24

Mar 24

LavX News @lavxnews@mastodon.cloud

Critical Next.js Vulnerability Exposes Web Apps to Authorization Bypass Attacks

A newly discovered vulnerability in Next.js, a widely-used React framework, allows attackers to bypass critical authorization checks, putting millions of web applications at risk. Developers are urged...

https://news.lavx.hu/article/critical-next-js-vulnerability-exposes-web-apps-to-authorization-bypass-attacks

#news #tech #NextJS

**Relianoid** @relianoid · Mar 24

Mar 24

Relianoid @relianoid

Is your web app secure? If you haven’t checked the OWASP Top 10, now is the time! 2025 updates are coming, and staying ahead of the latest cybersecurity threats is crucial.

From broken authentication to insecure design, these risks can expose your business to serious threats. At RELIANOID, we break down everything you need to know!

Read our latest blog and get ready for the 2025 OWASP updates: https://www.relianoid.com/blog/owasp-top-10-2025-key-security-risks/

#CyberSecurity #OWASP #WebSecurity

**LavX News** @lavxnews@mastodon.cloud · Mar 23

Mar 23

LavX News @lavxnews@mastodon.cloud

Unveiling a Critical Vulnerability in Next.js Middleware: A Deep Dive

A recent security discovery has exposed a critical vulnerability in Next.js middleware, affecting all versions from 11.1.4 onwards. This flaw allows attackers to bypass authentication and authorizatio...

https://news.lavx.hu/article/unveiling-a-critical-vulnerability-in-next-js-middleware-a-deep-dive

#news #tech #NextJS

**LavX News** @lavxnews@mastodon.cloud · Mar 23

Mar 23

LavX News @lavxnews@mastodon.cloud

Introducing Powxy: A New Defense Against Scraper Bots with SHA-256 Proof-of-Work

In an age where data scraping is rampant, Powxy emerges as a robust solution leveraging SHA-256 proof-of-work challenges to safeguard upstream resources. With a focus on simplicity and efficiency, thi...

https://news.lavx.hu/article/introducing-powxy-a-new-defense-against-scraper-bots-with-sha-256-proof-of-work

#news #tech #WebSecurity

**Winbuzzer** @winbuzzer@mastodon.social · Mar 21

Mar 21

Winbuzzer @winbuzzer@mastodon.social

Cloudflare has unveiled AI Labyrinth, a system that misleads unauthorized AI crawling bots by trapping them in auto-generated content mazes.

#AI #Cloudflare #AILabyrinth #AITraining #WebScraping #BotDetection #GenAI #WebSecurity #Copyright #Publishers #Web

https://winbuzzer.com/2025/03/21/cloudflare-deploys-ai-labyrinth-to-exhaust-unauthorized-ai-crawling-bots-xcxwbn/

**N-gated Hacker News** @ngate@mastodon.social · Mar 20

Mar 20

N-gated Hacker News @ngate@mastodon.social

Oh no! The sky is falling! The unauthenticated web is apparently under threat from those terrifying AI scrapers that just can't resist causing havoc. Clearly, we should all panic and throw our websites into the arms of corporate gatekeepers.
https://sethmlarson.dev/i-fear-for-the-unauthenticated-web #AIThreats #WebSecurity #CorporateGatekeepers #PanicMode #HackerNews #ngated

sethmlarson.devI fear for the unauthenticated web

Recent searches

Search options

Administered by:

Server stats:

#websecurity