Archives for Software Dev - Page 2
Thales HSM – Key Concepts
Thales HSM – Key Concepts Applies to Luna, nShield, and Thales Data Protection on Demand (DPoD) 1) What an HSM Does Tamper-resistant hardware for generating, storing, and using cryptographic keys…
Decentralized CAs
Operating a Decentralized Certificate Authority with Tokenized Incentives A decentralized Certificate Authority (CA) eliminates reliance on a single central CA. Instead, certificate issuance and revocation are handled by a…
Cross Site Scripting – Explained
Reflected XSS Explained Reflected Cross-Site Scripting (XSS) is a type of web vulnerability where untrusted input is immediately echoed (or "reflected") by the server in an HTTP response without…
How attackers can bypass CloudFlare
Also read CloudFlare and CORS Whitelisting. Introduction: To ensure that the Origin Server denies all IPs except the CloudFlare IPs (this will need to be AT the server level, not CloudFlare).…
Why are Root CAs often offline?
Root Certificate Authority Often a Standalone Server? 1. Ultimate Trust Anchor The Root CA is the trust anchor of the entire PKI hierarchy. If compromised, all subordinate certificates become untrustworthy.…
CSRF protection for APIs?
High Level Overview Cookie-authenticated APIs versus Authorization headers What Is CSRF Protection for API Endpoints? CSRF stands for Cross-Site Request Forgery. It’s a type of web attack where a malicious…
How Can a Hacker Abuse Poor CORS Configuration?
Basic High Level Flow: The attacker hijacks your authentication credentials (your cookie) and uses them to call a sensitive API. If the API is callable from 'all origins', then…
File Transfer versus APIs
API vs File Transfer: Choosing the Right Method for Data Exchange APIs and file transfers are both widely used methods for data exchange between systems. While they serve a similar…
What the heck is CORS? Can CloudFlare help me with CORS security issues?
Why CORS Is Important (And How to Secure It). What is CORS and why is it important? CORS (Cross-Origin Resource Sharing)…
Session-based vs Token-based Authentication
Session-based vs Token-based Authentication - Q and A Q: Aren’t session-based and token-based authentication basically the same? At first glance, they do appear similar: You authenticate with a service. The…