October 22, 2024

security

Topics relating to application security and attacks against software. Please don’t use this tag alone, that results in ambiguity. If your question is not about

security

How to Integrate in-toto Verification with Private GitHub Repositories

I am currently working with an application called in-toto, which is a security vulnerability tool. I have successfully set it up on my local laptop and run the initial commands. Now, I have several private repositories hosted on GitHub, with over 30 users working on these repositories locally. I want to integrate in-toto verification into

security

Vulnerability in ASP.NET Core 6.0 Web API when the library is not directly installed?

I have an ASP.NET Core 6.0 Web API. I have implemented CI/CD to release changes and also integrated a vulnerability scanning tool (tviry) into the project to check for vulnerabilities in the code. Today, I came across a strange vulnerability in a library that is not installed in the project. To fix the vulnerability, Of

security

Password History – Storage – System Design Preventing Reuse or Similar Passwords

I am currently working on a project where I would like to make sure that users do not reuse their recent passwords, or choose ones that are too similar to their current password (i.e. just tacking a number or symbol such as a ‘!’ onto the end of the password. I have seen websites and applications that have enforced

security

Set NuGet package versions of runtime components, to prevent vulnerable dependencies?

In order to prevent vulnerable, transitive dependencies, I added guard versions to the Directory.Packages.props file, used for Central Package Management (CPM) in Visual Studio 2022. Transitive pinning is enabled, of course: <ItemGroup> <!-- Minimum versions everywhere, preventing vulnerable dependencies --> <!-- CVE-2024-32655 in <=6.0.10/8.0.2; can be removed when >=6.0.11/8.0.3 in all dependencies. --> <PackageVersion Include="Npgsql"

security

Postman App Compromised? Uncovering a Potential Security Breach

This is quite strange. I was troubleshooting some networking issues in my data center using TigerShark while connected via VPN from my personal Mac. During the process, I utilized some AI analysis on the network packets, and something unusual surfaced. My Postman process was recorded reaching out to a TOR IP address, 162.247.243.29, which immediately

security

How to protect github actions self-hosted runner?

The documentation of self-hosted runners states the following https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners : As a result, self-hosted runners should almost never be used for public repositories on GitHub, because any user can open pull requests against the repository and compromise the environment. Similarly, be cautious when using self-hosted runners on private or internal repositories, as anyone who can

security

Why does ghc not support PIE and Full RelRO on Linux?

I am a Haskell beginner. I wrote a simple program and compiled it with ghc. When checking the compiled binary with the checksec command, PIE was not applied and RelRO was set to partial. λ vm-ubuntu22 projects → checksec --file haskell_code RELRO STACK CANARY NX PIE RPATH RUNPATH FILE Partial RELRO No canary

security

Solana API to run security audits on tokens and memecoins?

I am building a dApp on Solana and am part of a trading group; we are looking to add information about the risks of every Solana token. Similar to Token Sniffer on Ethereum, a security scan on Solana would be nice. I only found Ethereum security APIs; which API is there on Solana for security checks? You

security

Deno: Use restricted network domains with Redis

Been having a good time trying out Deno and exploring the security/permissions system. I have a simple web application that connects to redis, for which I’m configuring a docker-compose setup. The hostname in the container network is simply redis. When connecting to the redis container using the url redis://redis:6379, the deno application reports the error: error:

security

MFA with OTP security concern

I’m preparing to implement my own authorization server. I plan to add MFA support with OTP. I have a security concern regarding my way of understanding how it’s gonna work in my planned app. I plan to have 2 apps: Backend related service to handle authorization/authentication, Frontend app implemented in some framework for delivering UI
