It’s no secret that the world runs on open-source. From our Apache and NGinx webservers, our Ubuntu server OS’s, even our .NET and python programming languages. However, how many think that this could potentially be an issue?
Continue reading →
Working with any form of a secret in development such as usernames, connection strings, passwords, etc is always difficult. Simply finding a convenient and efficient way of storing them without putting them in source control can be a daunting task. While there are many ways of handling this such as dotNet secrets, Azure Key Vault, and Hashicorp Vault. I, however, decided to go with AWS’s secret manager.
Continue reading →
In a time of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will. Continue reading →
In light of the recent 700 million email data leak on August 30 of this year, I have created CredCheck. I would like to throw out a personal thanks to Troy Hunt owner and operator of HaveIBeenPwned. CredCheck is a windows program that uses the HaveIBeenPwned API to check email addresses and give details on who’s information has been leaked, and how severe the leak was. Continue reading →
Most common applications and “home-brew” sites use sessions for storing temporary data as well as authentication. However,
sometimes a developer may want the session to span over multiple domains and or servers, and some may just be very security
conscience. It is common knowledge that session data is stored in a text file on the webserver, however if you are using
a shared server (as most cannot afford dedicated hosting or VPS) then any user on that server may see your session files.
To prevent this, and allow your user’s sessions to span over multiple domains the answer is easy: store the session data in a
MySQL database! Most of you may not be sure how to do this, or may have even been unaway that this is possible, however it is
very easy. When storing sessions in a database PHP makes the work easy for us with the use of a function called
session_set_save_handler(), this function can control the way that sessions are stored, retrieved, destroyed, etc. Continue reading →
Many developers believe in the practice of securing passwords and other financial data using a hash function (a function of turning some kind of data into a small number that may serve as a digital “fingerprint”). However just hashing a password isn’t enough it may still be bruteforced and as usernames and passwords are determined by the users not all will meet minimum secure levels so it is up to the developer to pick up where they leave off. Continue reading →