Archives for Software Dev - Page 3
Strict HTTP Transport Not Enforced
Strict Transport Security Not Enforced What Is HSTS? HSTS (HTTP Strict Transport Security) is a browser-enforced policy that ensures a website is only accessed using HTTPS—even if a user…
Preventing CORS – Server Explicitly Sets CORS Headers for an HTTP Request versus CloudFlare
How a Server Explicitly Sets CORS Headers for an HTTP Request A server explicitly sets CORS headers by including them in the HTTP response to a cross-origin request. These headers…
CloudFlare and Server Side Whitelisting for CORS
Overview The CORS headers need to be set explicitly on the server. For some websites, CloudFlare can be used to control CORS header logic at the edge. Note that you…
Restricting CORS origin to a WHITELIST
Restricting CORS Origin to a Whitelist: Why and How? Modern web applications often rely on APIs hosted on different domains — this is called cross-origin communication. While useful, this opens…
Securing Browser Cookies in Outbound SSO: Best Practices
Securing Browser Cookies in Outbound SSO: Best Practices In an outbound Single Sign-On (SSO) scenario, a user logs into Site 1, which then authenticates access to Site 2. During this…
Best Practices for Username Recovery and Password Reset
🔐 Best Practices for Password Reset, Username Recovery & MFA Code Recovery In a digital world increasingly reliant on secure access, users often face hurdles like forgotten passwords, misplaced…
Security Questions in 2025
Security Questions in 2025: Recovery Crutch or (Bad) Second Factor? Security questions (“What was your first pet’s name?”) have been used for decades to prove “something you know.” Today,…
CORS origin False Positives
Almost all CORS misconfiguration notifications are false positives. If you have checked "Access-Control-Allow-Origin: *", you will get these false positives. It needs to be set to "Access-Control-Allow-Credentials: true"
The art of teaching
What you are trying to teach - EXISTS independently of your teaching! So - it is a truth within this Universe. How you convey that truth is dependent upon…
Hashing and Loss of Information
Hashing and Loss of Information, Key Derivation Hash functions lose information that is present in the input data. This is required in order to generate a fixed-length output hash value. This…