What Are Some Ways to Prevent MITM Attacks or Other Session Exploitative Attacks with a Web Page That Uses JavaScript?

Problem scenario
You know that the sessions of a web page that uses JavaScript can be exploited in today’s world. This category of vulnerability is related to imperfections in authentication and is listed as the #2 biggest web application security risk as of June 2020 (according to OWASP). What are some techniques to stop such attacks from happening when designing a website that uses JavaScript?

Possible Solution #1
Ensure cookie information is passed using connections that leverage HTTPS (as paraphrased from page 23 of Node.js Security by Liran Tal).

How Do You Install and Configure OWASP ZAP?

Problem scenario
You want to install OWASP ZAP (aka Open Web Application Security Project’s Zed Attack Proxy). You want to test it out. How do you do this on Linux?

Solution
Note: It is advisable to install ZAP only on operating systems whose JREs are regularly maintained and have up-to-date patches. If you need assistance installing the JRE, see this posting.

What is a Hacker?

Question
You have seen the word “hacker” appear in different contexts. You have seen it used to describe a cybercriminal. Moreover, some companies proudly claim that they employ no hackers and hire only trained software developers. In some articles, the term hacker has a positive connotation. What is a hacker?

Answer
“Hacking tends to be a misunderstood topic, and the media likes to sensationalize,

What Are Some Ways to Prevent XSS Attacks with a Web Page That Uses JavaScript?

Problem scenario
You know that cross-site scripting (aka XSS) attacks are a big concern in today’s world. OWASP places XSS security risks as the seventh biggest web application risk as of June 2020. What are some techniques to stop such attacks from happening when designing a website that uses JavaScript?

Possible Solution #1
Have the HTML and JavaScript validate and escape regularly throughout the code.

How Do You Troubleshoot Ansible Errors about SELinux?

Problem scenario
You have Python 3 installed, but you do not have pip3 installed. One of the following also applies to your situation:

Problem scenario #1
You run an Ansible playbook. You receive the error message “Aborting, target uses selinux but python bindings (libselinux-python) aren’t installed.”

Problem scenario #2
You run an Ansible playbook.

How Do You Get the libselinux-python to Work with Python 3?

Problem scenario
You have Python 2 and Python 3 installed. When you run Python 3 programs, you get an error message about selinux. The message is consistent with libselinux-python not being installed.

When you enter the Python interpreter for Python 2, you can run this command without errors: import selinux

But when you enter the Python interpreter for Python 3 (e.g., python3), you get errors when you run this command: import selinux

Security of the server is not critical,

How Do You Troubleshoot the Adaware Antivirus Problem of “Definitions could not be updated”?

Problem scenario
You are using Adaware Antivirus. You try to download the latest definitions, but you get this error message: “Definitions could not be updated Something prevented the definitions from updating. Please try again at a later time.”

How do you update Adaware Antivirus?

Solution
Try a different internet connection. Some public WiFi spots may block certain ports. VPN tunnels may not help solve the problem.

Should Environmental Data Be Placed Into Version Control?

Problem scenario
You are not sure if environment-specific values should be placed into version control. What should you do?

Solution
Some people think that everything should go into version control. But others disagree. Here are examples of each philosophy:

“You need to get everything in version control. Everything. Not just the code, but everything required to build the environment.” (This was taken from page 297 of The Phoenix Project.) This is very clear in how it disagrees with the twelve-factor app principles.

Why Does a User Not Have Access to a VPC when The Configuration Appears to Allow For Connectivity?

Problem scenario
A user has no access to a VPC from her workstation. What are three ways a user can be given access to resources in a VPC?

Four Possible, Independent Solutions

  1. Network Access Control lists. These are IP address firewalls for the VPCs themselves. Based on the IP address of the user’s workstation, Network Access Control lists can allow or disallow traffic to the VPC.