I'm not an expert in cyber security and exploits. I need help figuring out if my app is vulnerable and in what way. Let's assume I'm an idiot (and I'm not to this extent), and I leave the possibility for…
I've found documentation for an insecure ktor websocket server (ws://...): https://ktor.io/docs/creating-web-socket-chat.html#creating-the-chat-client I've found documentation for a secure ktor http server (https://...) https://github.com/ktorio/ktor-documentation/tree/main/codeSnippets/snippets/ssl-embedded-server But I can't seem to find or figure out how to serve a secure ktor websocket server (wss://...)…
I have an ASP.net Web API that inserts data from the user after they purchase a product in a Xamarin Application I am currently developing. However, data can also be inserted by simply calling the URL on a web browser…
My Dockerfile is pretty simple, code below. It is an Angular App. Once I merge the code to my main branch CodePipeline takes over, CodeBuild will build the image and push to ECR and CodeDeploy will use that image to…
I've got a site that has been hacked for the fourth time now this month. With scripts hosted on autofaucet.org. (sloppy code even, found their names. Some Russian dudes. But that's off topic) I've taken some measurements to prevent a…
Stack is: Angular Laravel S3 nginx I'm using S3 to store confidential resources of my users. Bucket access is set to private which means I can access files either by creating temporary (signed, dynamic) links or by using Storage::disk('s3')->get('path/to/resource') method…
Do shortcode attributes in WordPress need escaping if it's user inputted data? This plugin suggests accepting unsanitised from user input and passing it through via the shortcode. https://connekthq.com/plugins/ajax-load-more/extensions/relevanssi/ Surely this should be sanitised similar to my example below? I am…
I have some customers that use some "older" Magento 2 versions, like for example 2.3.4. I would like to keep the store updated with the latest security patches but without doing a full Magento 2 upgrade. How can I install…
I've follow the documentation of I've read https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html and I want to create a security group in AWS which allows only one IP access to ports 80 or 443, but AWS is blocking everything even the IP which should have…
I'm really new to modsecurity and I'm having some issues in understanding the rule editing. I need to return 200 to the requests arriving form a specific endpoint that starts with /myendpoint/ but I still want to deny the endpoint…