/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

www.sjoerdlangkemper.nl
| | statuscode.ch
2.1 parsecs away

Travel
| | We're constantly working on adding more security features and hardenings to Nextcloud, after all it's your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new...
| | timtech.blog
2.4 parsecs away

Travel
| | Fun with Cross-Site Request Forgery (CSRF) in a creative Web Timing Attack scenario, highlighting the risks inherent to SameSite=None session cookies.
| | blog.plataformatec.com.br
3.1 parsecs away

Travel
| | A security bug (CVE-2015-8314) has been reported in Devise's remember me system. Devise implements the "Remember me" functionality by using cookies. While this functionality works across multiple devices, Devise ended-up generating the same cookie for all devices. Consequently, if a malicious user was able to steal a remember me cookie, the cookie could be used
| | wouterj.nl
7.7 parsecs away

Travel
| Cross-site Request Forgery (CSRF) is one of the traditional vulnerabilities that web applications have to deal with. Every web framework - including Symfony - supports CSRF protection out of the box. A lesser known vulnerability is Login CSRF, a special kind of CSRF attack.