-1 votes
0 answers
38 views

I am trying to implement license key logic in my app where users can enter the license key they bought from Stripe or any payment provider, and then the entered license key would need to first ...
Zaid's user avatar
  • 513
Best practices
1 vote
3 replies
68 views

I tried to use a 6144-bit RSA key, but this has been taking so much time, around 5 - 7 seconds, to generate a key pair; I think it's too long. On the other hand, using keys with less length may become ...
humankind's user avatar
0 votes
0 answers
47 views

Running security dump-trust-settings -d on my MacBook shows some company-specific certificates that I want Java's TrustManager to trust when creating SSL/TLS connections to internal company servers. I ...
David B's user avatar
  • 435
Advice
1 vote
0 replies
53 views

I am looking for simple examples which show a step-by-step guide on, for example, purposefully installing rootkits or other firmware-related malware in order to show how they work and their effects. I ...
peng33's user avatar
  • 11
Best practices
0 votes
0 replies
43 views

For this setup, let's assume that there are no libraries to use (public/private/paid or otherwise) and so this task has to be completed without them. Also, let's assume that all communication between ...
osswmi's user avatar
  • 43
Best practices
1 vote
0 replies
97 views

I'm setting up a secure CI/CD pipeline using GitHub Actions with self-hosted runners running in Kubernetes, and I want to build Docker images and push them to AWS ECR securely. Goals Build Docker ...
refaeldoron's user avatar
Advice
0 votes
1 reply
28 views

I am having an issue with our current login setup. We have multiple types of clients (mobile, webapp, SPA). Our app has its own user management, a pretty old way to auth users (each user receives a GUID and ...
PsyChonek's user avatar
1 vote
0 answers
84 views

So I'm currently trying to set up two different security integrations. My Snowflake instance already has a SAML security integration set up for users, where they're logging into Okta using SSO, this ...
thejoker34's user avatar
-1 votes
1 answer
77 views

I’m implementing an offline license validation mechanism in a desktop/server application. The license has an expiration date and must continue to work without any online checks. The problem I’m facing ...
mohammed djefaflia's user avatar
-3 votes
1 answer
120 views

I'm having trouble making my Python code generate the correct TOTPs using the test secret key 12345678901234567890, the same one used in the RFC6238 appendix B examples. I was able to get the correct ...
Mayssa Ghanmi's user avatar
Best practices
0 votes
2 replies
96 views

I'm building a webhook handler that needs to accept webhooks from multiple providers (Stripe, GitHub, Shopify, Twilio, etc.). Each provider uses different signature verification methods: - Stripe: ...
abhineet's user avatar
  • 235
0 votes
1 answer
57 views

We are building a custom frontend application (SPA) that authenticates users against Microsoft Dataverse using MSAL and OAuth. The UI should hide certain navigation items and actions, e.g. show the &...
Rick H.'s user avatar
  • 21
Best practices
0 votes
1 reply
55 views

Some of the articles that I have seen lately imply that implementing a Back-end for Front End architecture is more secure for a SPA than a traditional setup as the tokens never leave the "...
JustAnotherUser's user avatar
Advice
1 vote
3 replies
63 views

I am preparing a project for a computer networks course and I wanted to ask for advice. My teacher gave me this assignment for the exam: make an analysis on the vulnerabilities and attacks to protect ...
user31985044's user avatar