Browsing Category:

Security

Using Python to Find Firebase Storage Security Misconfigurations in Hardcoded Repositories

Most applications need a database to store backend data, and Google Firebase is a great choice for serverless data management. It’s a cloud-based database hosted in Google Cloud, and it’s simple to connect from your mobile app code. Its use cases span from chat applications to easier ways to send…

excel spreadsheet formulas

CSV Injection Tutorial for Beginner Developers (with examples)

It’s common in coding to work with CSV (Comma Separated Values) files to transfer data between platforms or allow users to download files that can then be used in their favorite application. CSV files are just text files where each value in a record is separated by a comma. As…

secure session

Session Hijacking Tutorial for Beginner Developers

As a programmer, you will often work with user sessions. A user session is a randomly generated alphanumeric value that identifies the user on the server. In most applications, the user session is stored in a cookie for reuse as the user makes calls back to the server in the…

secure programming

Easy Buffer Overflow Attack Tutorial for Beginner Programmers

When a software developer codes a variable into their application, the system allocates a specific number of bytes to hold data. Usually, the data passed to the variable is from user input, but it could also be from another system or application. Some languages have validation in place that makes…

How to Set Up an SSL Certificate on an Azure IIS VM Without Powershell

I recently moved a website from an Azure app service that was costing way too much for a small WordPress site to a virtual machine that gave me more control and cost less money every month. A virtual machine for a small site costs less but takes much more setup…

Why Chrome Responds with The SSL Certificate Used to Load Resources Will Be Distrusted in M70

If you’ve looked at your site from Chrome Developer Tools and use an SSL certificate that you purchased from Symantec, you probably see the following warning: The SSL certificate used to load resources from https://xxxxxx.com will be distrusted in M70. Once distrusted, users will be prevented from loading these resources.…

Apple and iCloud security breach

Countdown to iCloud Hacker Threats — Will 300 Million iCloud Accounts Be Wiped?

Quietly, a group of hackers called the Turkish Crime Family announced on Twitter that they plan to factory reset 300 million iCloud accounts on April 7th. The news hasn’t been widely spread, mainly because there is a question of the data’s legitimacy. They’ve demanded $70,000 from Apple, but Apple seems…

captcha helps avoid spam email

Avoiding the Captcha Scammer at Upwork

Catpchas are those images that display words, numbers or letters used to filter out spammers. When you submit a form on a website, you have probably run into a captcha once or twice. Some of them are easy to decipher while others are hard to read. The images are obscured…

Freelance scams

Beware of Upwork Freelance Scams Using Google Hangouts

Upwork is a great place for freelancing. You can add some part time income to your usual work regimen, or you can make a full-time career using leads posted to the freelancing site. Because of its loose requirements, Upwork has also become a target for scammers. Unfortunately, many new freelancers…

Some Domain Registration Notices are Meant to Scam You Out of Money

Domain registration scams are common since most people own at least one domain. They take advantage of a user’s naivety and urgency of renewing a domain name. As most of us know, if you don’t get your domain renewed in time, the registrar seizes it and you lose your investment.…