irigsoft (Author), posted November 29, 2023:
Quoting Thiago Moraes (9 minutes earlier): For DDoS, check out guides on setting up firewalls or using services like Cloudflare. SQL injection and HTML injection have plenty of tutorials with examples to help you grasp the concepts and prevention methods. And for JavaScript injection, look into securing your web apps against cross-site scripting (XSS). When it comes to discussions and forums, there are some great online communities like Stack Overflow or Reddit's r/netsec.
Thanks for the explanation, but the questions are more about what is integrated in uniGUI and how to integrate it if it doesn't exist. I'm interested in various documentation and modern web security settings, standards, etc., but I don't know what it is and how it's integrated into uniGUI. For example, since uniGUI has AntiFlood settings, I want to use it and block the RemoteIP that creates it accordingly. Do you know how to do this in uniGUI without buying external software? The goal is to make the applications developed through uniGUI more secure by applying known standards and security measures.
irigsoft (Author), posted December 17, 2023:
Hello, I am posting this topic here as well.
irigsoft (Author), posted December 18, 2023:
Hello, I am posting this topic here as well.
irigsoft (Author), posted January 11:
Struggling with some (R.U.D.Y.) attacks, trying to control slow uploads. If anyone can help, please advise:
Norm, posted January 11:
I provided an alternative JavaScript-based FileUpload function that you can modify to achieve what you are after. E.g. you can monitor the rate of upload or set a timeout for the upload and abort the upload on timeout. Have a look at the thread and let me know if you need further help. I suggest you start by downloading and examining the last project I uploaded on the thread.
irigsoft (Author), posted February 18:
If someone can help, please advise.
irigsoft (Author), posted February 18:
How to replace characters in uniEdit onkeydown?
irigsoft (Author), posted February 18:
If someone can help with encoding HTML for MainForm to protect from DOM XSS.
irigsoft (Author), posted February 24:
https://www.wolfe.id.au/2012/10/20/what-is-hmac-authentication-and-why-is-it-useful/
Hi, I'm adding a topic about using basic authorization here. If anyone can explain how to use HMAC in it, I will be grateful:
irigsoft (Author), posted March 17:
Hello, how to make some protection from session hijacking is explained here: https://www.linkedin.com/advice/1/what-best-ways-prevent-session-hijacking#monitor-and-audit-sessions
Is there a way to protect the app from session token theft? Here https://www.imperva.com/learn/application-security/session-hijacking/ they talk about how to protect the user with:
"Prevention is the most effective strategy against session hijacking. For users, this includes basic security practices such as avoiding public Wi-Fi for sensitive transactions, using VPNs, and keeping software up to date. It's also important for users to be aware of phishing tactics and to understand the importance of logging out of sessions, especially on shared computers."
But how to secure communication between server and client? Is it somehow possible to:
1. Get the session ID generated when the session was opened
2. Get some user data that is unique to this session
3. Add some variable from the server
4. With points 1 + 2 + 3, create a unique token for this session and its user data
So when someone tries to use a hijacked session ID, the server knows about it? Like it is explained here:
"For web developers and organizations, prevention requires a more technical approach. This includes implementing HTTPS across all pages, using secure cookies, and adopting robust session management practices. ... Developers play a crucial role in preventing session hijacking by building security into their applications. This includes:
- Creating strong session management mechanisms
- Monitoring and auditing sessions: https://www.linkedin.com/advice/1/what-best-ways-prevent-session-hijacking#monitor-and-audit-sessions (this is already applied)
- Employing secure coding practices to mitigate XSS and other vulnerabilities
- Using multi-factor authentication (MFA) to add an extra layer of security
Additionally, developers can utilize custom session handlers that store session data more securely and regenerate session IDs after a successful login, further reducing the risk of session hijacking."
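An added example of the four-step binding asked about above, written in Python rather than as uniGUI code and not taken from this thread or from the uniGUI project: at login the server computes an HMAC over the session id, client data it observed (remote IP and User-Agent), and a server-side secret, stores it, and recomputes it on every later request. The names BOUND_SESSIONS, SERVER_SECRET and the handler functions are assumptions for the example; a real server would keep the secret in configuration and the table in its session store.

```python
import hashlib
import hmac
import secrets

# Assumed: one server-side secret per deployment, loaded from configuration.
# It is constructed at startup here so the example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)

# Assumed: the server's session table, session id -> binding token (step 4).
BOUND_SESSIONS = {}


def make_binding(session_id, remote_ip, user_agent, secret=SERVER_SECRET):
    """Steps 1 + 2 + 3 -> 4: HMAC-SHA256 over the session id, the client data
    observed for this session, and the server secret.
    The NUL separator stops "ab" + "c" from colliding with "a" + "bc"."""
    material = b"\x00".join(
        part.encode("utf-8") for part in (session_id, remote_ip, user_agent))
    return hmac.new(secret, material, hashlib.sha256).hexdigest()


def on_login(session_id, remote_ip, user_agent):
    """Run once the user has authenticated: record the binding for this session."""
    token = make_binding(session_id, remote_ip, user_agent)
    BOUND_SESSIONS[session_id] = token
    return token


def request_is_legitimate(session_id, remote_ip, user_agent):
    """Run on every request: recompute the binding from what the server sees now.
    The client never sends the token, so a stolen session cookie alone does not
    pass; the request must also come with the bound client data."""
    stored = BOUND_SESSIONS.get(session_id)
    if stored is None:
        return False  # unknown or already invalidated session
    current = make_binding(session_id, remote_ip, user_agent)
    return hmac.compare_digest(stored, current)


def on_mismatch(session_id):
    """Treat a mismatch as a suspected hijack: drop the session so the stolen id
    stops working for everyone, and log the event for the session audit."""
    BOUND_SESSIONS.pop(session_id, None)
```

Binding to the remote IP logs out legitimate users whose address changes mid-session (mobile networks, proxy pools), so the IP part is often left out and only data that stays stable for the session is bound.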
irigsoft (Author), posted April 1:
If someone has already made it, please help. How do I block duplicate GET URL parameters?
HTTP Parameter Pollution (HPP): https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution
Insecure direct object references (IDOR): https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
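An added example (Python, not uniGUI code and not from this thread) of the duplicate-parameter check behind the HPP question: the query string is percent-decoded before counting, so a repeated name that was disguised by encoding (for example `%69d` for `id`) is still caught, and a request carrying any repeated name is rejected before a handler picks one of the two values.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit


def duplicated_params(url):
    """Return the sorted names of GET parameters that occur more than once.
    parse_qsl percent-decodes names, so 'id=1&%69d=2' counts as two 'id'.
    keep_blank_values keeps 'id=' and a bare 'id' in the count as well."""
    query = urlsplit(url).query
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return sorted(name for name, count in Counter(names).items() if count > 1)


def accept_request(url):
    """Assumed policy for this example: reject the whole request on any
    duplicate rather than silently taking the first or last value."""
    return not duplicated_params(url)
```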