|
You are here |
www.sjoerdlangkemper.nl | ||
| | | | |
statuscode.ch
|
|
| | | | | We're constantly working on adding more security features and hardenings to Nextcloud, after all it's your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new... | |
| | | | |
timtech.blog
|
|
| | | | | Fun with Cross-Site Request Forgery (CSRF) in a creative Web Timing Attack scenario, highlighting the risks inherent to SameSite=None session cookies. | |
| | | | |
blog.plataformatec.com.br
|
|
| | | | | A security bug (CVE-2015-8314) has been reported in Devise's remember me system. Devise implements the "Remember me" functionality by using cookies. While this functionality works across multiple devices, Devise ended-up generating the same cookie for all devices. Consequently, if a malicious user was able to steal a remember me cookie, the cookie could be used | |
| | | | |
wouterj.nl
|
|
| | | Cross-site Request Forgery (CSRF) is one of the traditional vulnerabilities that web applications have to deal with. Every web framework - including Symfony - supports CSRF protection out of the box. A lesser known vulnerability is Login CSRF, a special kind of CSRF attack. | ||