I'm designing a webhook receiver to work with a third party (over whom I have no control). The third party sends events (HTTPS) on behalf of our users that are
I am writing an API in Spring Boot that I want to secure using Keycloak. After doing some setting up, I managed to get the Keycloak adapter to work. While I was
I know it's bad practice to have environment variables containing backend API keys on the client side (React). How insecure is this practice? These keys are inj
I am not really a true developer, so I apologize in advance for the naivety. How secure is HTTP POST over 4G LTE/NB-IoT? We aren't sending any sensitive data (t
Possible duplicate, but couldn't find any clear answers. Dependabot cannot update nth-check to a non-vulnerable version The latest possible version that can be
I am working on a Java web app and I am setting the JSESSIONID attributes: HttpOnly, Secure and SameSite in the doFilter() method of the InitSession class. I have t
I am trying to do a Twistlock scan on an image and I can see a compliance error stating "Private keys stored in image". I have not hardcoded any keys in the image.
While running Checkmarx on an Angular 13 project, the report shows an 'Unchecked Input For Loop Condition' medium issue. Even after limiting the object length
I have a WordPress site that features a .htaccess and a file called postfs.php. But when I try to delete them, they are written again. I tried
I am trying to use Secure Webhook solution by Microsoft Azure to send Planned Maintenance Events to my web application's endpoint. However, while testing the we
I have been looking at the RBAC documentation but I cannot find something specific, like default roles or a set of privileges that will apply to a common role.
My website is set up through IIS 10, and I've given my application pool user, IIS AppPool\DefaultAppPool, all the rights I can think of. But when I use this appl.
I have a simple Django project with a PostgreSQL backend and I can't seem to get rid of the Django security vulnerabilities warning signs on my terminal. Settin
I have a netcoreapp3.1 application deployed to on-prem IIS instances using the .NET Core Hosting Bundle. Because the app is deployed to 2 load balanced servers
Currently, I have the WEB API that will check uploaded code from the client and run it. It is the platform for testing. For example, there is a test for users:
I'm new to Spring Security and I am trying to create a web application with JWT tokens. The problem is that I can't authenticate; it always gives me a 401 error with i
I'm getting this alert from Checkmarx, saying that I have an unsafe object binding when trying to save a comment. I've read that we mustn't save objects directl
I am working to fix Veracode vulnerability CWE-73 (https://cwe.mitre.org/data/definitions/73.html) for my application in which the input filename is dynamically
I am building a web application where the user's data is end-to-end encrypted. The web client obviously needs a secret that nobody else knows for end-to-end enc
I would like to learn more about using Kibana in querying/searching for indications of certain attack events, such as brute-forcing an account, scanning/enumerating