Best of Security: June 2024

  1. Article
    DEV · 2y

    REST API Design Rules

    The post explains why clean REST API design matters for usability, maintainability, security, performance, development time, scalability, reusability, and documentation. Its URI rules: plural nouns for collections, singular nouns for singletons, no trailing forward slashes, hyphens as word separators, lowercase letters only, no file extensions, and no CRUD function names in paths. It also lays out HTTP method rules for creating, reading, updating, deleting, and patching resources, and covers versioning as the way to maintain backward compatibility and a consistent API design.

  2. Article
    DEV · 2y

    Mastering Version Control with Git: Beyond the Basics

    This post delves into advanced strategies and workflows for mastering version control with Git. It covers branching strategies, best practices for working with feature branches, Git hooks for automation, and more.

  3. Article
    Community Picks · 2y

    JWT vs PASETO: New Era of Token-Based Authentication

    The post offers a detailed comparison between JWT (JSON Web Token) and PASETO (Platform-Agnostic Security Tokens), examining their core functionalities, security features, and potential vulnerabilities. While JWT is popular for its simplicity, PASETO addresses many of its security issues by enforcing safer defaults and mitigating algorithm confusion. The post covers the workflows of both token types, their structures, and key differences in their approach to security, making it a valuable read for developers looking to implement secure token-based authentication.

  4. Article
    Medium · 2y

    Airclap — Send any file to any device

    Airclap is a cross-platform file transfer tool that enables users to easily share any file type across devices like iOS, macOS, Android, Windows, and Linux. With a minimalist design, it offers secure and high-speed transfers using AES encryption and a customized SSDP discovery protocol. Key features include one-step file transfer, offline sending, and integration with over 20 languages. It supports numerous use cases ranging from developer workflows to educational resource sharing. Airclap is permanently free and does not require an internet connection, ensuring user data privacy.

  5. Video
    Fireship · 2y

    Unhinged ransomware attack targets hospitals

    A ransomware attack targeted hospitals in London, forcing them to shut down services and divert patients. The attack is believed to be the work of Russian hackers, who have been behind many ransomware attacks in the past. Ransomware attacks work by penetrating computer systems, locating valuable data, encrypting it, and demanding payment in untraceable cryptocurrencies.

  6. Article
    Community Picks · 2y

    I fought a DDoS and lived to tell the tale

    The post recounts the author's experience dealing with a DDoS attack and provides advice on how to protect against such attacks.

  7. Article
    Community Picks · 2y

    Securing Node.js in Production: Expert Practices for Every Developer

    This post provides expert practices for securing Node.js applications in production, including operating without root privileges, keeping NPM libraries up-to-date, customizing cookie names, implementing secure HTTP headers with Helmet, rate limiting, enforcing strong authentication policies, minimizing error details, vigilant monitoring, embracing HTTPS-only policy, validating user input, and leveraging security linters.

  8. Video
    Community Picks · 2y

    Authentication in React with JWTs, Access & Refresh Tokens (Complete Tutorial)

    This post explains the importance of authentication in a React application and how to handle it using JWTs, access tokens, and refresh tokens. It emphasizes the need for proper authentication to ensure security and prevent data breaches. The post also provides a code example that shows how to implement authentication in a React codebase.

  9. Article
    CSO Online · 2y

    7 open source security tools too good to ignore

    Open-source security tools play a critical role in preventing cyber threats and data loss. Tools like ZAP, Wireshark, Bloodhound Community Edition, Autopsy, MISP, Let’s Encrypt, and GNU Privacy Guard are essential for tasks ranging from vulnerability scanning and packet analysis to forensic investigations and encryption. These community-backed tools offer robust functionalities to detect and manage security risks, making them indispensable for security teams.

  10. Article
    Hacker News · 2y

    From dotenv to dotenvx: Next Generation Config Management

    Dotenvx, the evolution of the popular configuration tool dotenv, addresses major security and usability issues. It provides cross-platform consistency, supports multiple environments, and introduces encryption for .env files. Dotenvx aims to be the next generation in configuration management, offering features like runtime environment injection and enhanced security through public-key cryptography. Its release marks an important upgrade for managing environment variables securely and efficiently.

  11. Video
    Theo - t3.gg · 2y

    This GitHub CSS Exploit Is WILD

    A CSS injection on GitHub was found, disclosed, and patched. The injection allowed an attacker's CSS to render images and trigger actions on the site.

  12. Article
    Community Picks · 2y

    sindresorhus/awesome-nodejs: :zap: Delightful Node.js packages and resources

    A curated list of Node.js packages and resources for developers.

  13. Article
    Community Picks · 2y

    getsops/sops: Simple and flexible tool for managing secrets

    SOPS is a versatile tool designed for managing encrypted files in formats including YAML, JSON, ENV, INI, and BINARY. It supports encryption using AWS KMS, GCP KMS, Azure Key Vault, age, and PGP. Users can access binaries and packages from its GitHub releases or explore unstable features in the main branch by installing from source. SOPS allows for easy integration with AWS IAM for managing master keys and supports various encryption contexts and roles. The use of `.sops.yaml` files facilitates configuration and management of encryption setups. For those wanting to decrypt or encrypt files, SOPS offers a streamlined command-line interface with various flags for customization.

  14. Article
    Security Boulevard · 2y

    Daniel Stori’s ‘Just Touch It’

    A post about Daniel Stori's 'Just Touch It' on the Security Bloggers Network.

  15. Article
    Trunk.io · 2y

    3351 new vulnerabilities discovered in the last 30 days.

    In the last 30 days, 3351 new CVEs were created and 6163 were updated. Many codebases have vulnerabilities due to outdated dependencies, such as an old version of Lodash. To mitigate risks, consider shifting security left with tools like OSV Scanner, trufflehog, checkov, and Trivy. Proactive static analysis tools like Snyk and Sonarqube can help catch issues before they affect your codebase. Regularly scan your dependencies to ensure security.

  16. Article
    System Weakness · 2y

    Password Cracking 101

    Learn essential techniques for cracking password hashes and analyze cryptographic algorithms. Discover the concepts of cryptography, hashing, and salting. Get hands-on with tools like hashid, ShellScript, PowerShell, MD5, and Hashcat for practical password cracking exercises.

  17. Article
    Community Picks · 2y

    Blockchain Fundamentals #1: What is a Merkle Tree?

    Learn about Merkle Trees, a data structure used for summarizing and verifying data integrity. Discover how hashing functions work and the advantages of using Merkle Trees in blockchain technology.

  18. Article
    Hacker News · 2y

    Shodan

    Discover the Internet beyond websites with Shodan, stay secure, monitor your devices, and gain insights into technology trends.

  19. Article
    Community Picks · 2y

    2/6 | Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace

    The VSCode Marketplace hosts around 60,000 extensions with 3.3 billion installs. That popularity makes extensions an attractive way for threat actors to infiltrate organizations, and Visual Studio Code itself is a security risk because it has sensitive access to the organizational codebase and runs with high privileges. Several known malicious and risky extensions have already been identified in the VSCode Marketplace.

  20. Article
    InfoWorld · 2y

    6 security best practices for ASP.NET Core

    Learn about 6 security best practices for ASP.NET Core, including enforcing HTTPS, using HSTS, preventing CSRF attacks, thwarting XSS attacks, preventing SQL injection, and creating custom error pages.

  21. Article
    Collections · 2y

    How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension and the Tool That Arose From It

    A cybersecurity team successfully infiltrated multi-billion dollar companies in just 30 minutes using a fake VSCode extension, revealing significant vulnerabilities. This experiment led to the creation of ExtensionTotal, a tool designed to assess the risks associated with VSCode extensions. The team also launched a Supporters Program to sustain the project and is developing a guide for CISOs to integrate ExtensionTotal into security protocols, enhancing organizational cybersecurity.

  22. Article
    This Week In React · 2y

    This Week In React #189: Next.js Security, Memoization, useFormStatus, React State, Remix Typesafe Routes, Astro, Starlight, Hydrogen, Remotion, Lingui, Storybook, Skia Video, Starlink, App Clips, Vis

    This issue covers topics across React, Next.js, and React Native, including a Next.js security checklist, type-safe route modules coming to Remix/React Router 7, and building a notification system in Next.js with Knock.

  23. Article
    DevOps.com · 2y

    Shift Left is Dead

    Developers face unrealistic expectations and systemic pressures in the fast-paced tech environment, leading to bypassing security measures and pushing untested code into production. The shift-left movement and reliance on AI tools exacerbate these issues. Effective project management and investment in developer experience are necessary to counter these trends. Clear expectations, refined processes, and a responsible development culture can mitigate risks and maintain quality and safety.

  24. Article
    InfoSec Write-ups · 2y

    HOW I HACKED NASA?

    A security researcher shares their journey of hacking NASA and getting listed on the Hall of Fame page.

  25. Article
    DEV · 2y

    🎯 Strategies for Effective Urgent Ticket Classification

    Strategies for effective urgent ticket classification, including criteria for classifying urgency, helping non-technical people understand urgency, and tools and practices for managing urgent tickets.