How to find the SSL Certificate in Chrome

If you ever wanted to know how to find the SSL certificate information in a browser like Chrome, look no further!
Before and up to around Google Chrome version 55, I could view the details of the certificate a website was using by clicking on the green lock icon in the address bar.
Now you can find this information from the three-dot menu at the right of the Chrome window -> More Tools -> Developer Tools, then open the Security tab. This gives you a Security Overview with a “View Certificate” button, which opens the same certificate viewer (issuer, validity period, subject and the full chain) that the lock icon used to.


Using the Same-Site Cookie Attribute to Prevent CSRF Attacks

Thanks to a new cookie attribute that Google Chrome started supporting on the 29th of March, and that the other popular browsers then followed, there is now a solution: the SameSite cookie attribute. Developers can now instruct browsers whether a cookie should be sent along with requests initiated by third-party websites, which is a more practical solution than refusing to send cookies at all.

Setting the SameSite attribute on a cookie is simple: it consists of adding one instruction to the cookie. Adding ‘SameSite=Lax’ or ‘SameSite=Strict’ is enough. Lax still sends the cookie on top-level navigations from other sites that use a safe method (a link click, not a form POST), while Strict never sends it on a cross-site request.

Set-Cookie: CookieName=CookieValue; SameSite=Lax;
Set-Cookie: CookieName=CookieValue; SameSite=Strict;

Read more on the Netsparker website

Prerequisites:

IIS server with the URL Rewrite module installed.

web.config (IIS URL Rewrite outbound rule that appends SameSite=strict to every Set-Cookie header the site emits)

<system.webServer>
  <rewrite>
    <outboundRules>
      <rule name="Add SameSite">
        <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
        <conditions>
          <add input="{R:0}" pattern="; SameSite=strict" negate="true" />
        </conditions>
        <action type="Rewrite" value="{R:0}; SameSite=strict" />
      </rule>
    </outboundRules>
  </rewrite>
</system.webServer>

Note that the condition only checks for “; SameSite=strict”: a cookie the application already sets with SameSite=Lax gets a second SameSite attribute appended, and any cookie that must legitimately travel cross-site (an SSO or payment-provider callback, for example) stops working. Use a condition pattern such as “SameSite=” (URL Rewrite patterns are case-insensitive by default) if you only want to touch cookies that carry no attribute at all, and choose Strict site-wide only when no cross-site flow depends on the cookie.
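To see what the attribute actually buys you against CSRF, the following added example (not code from the original post or from Netsparker) models the browser-side decision: parse a Set-Cookie header, then ask whether the cookie is attached to the classic cross-site request types an attacker can trigger. The site names bank.example and attacker.example and the session cookie are constructed for the demo, and site comparison is simplified to string equality (real browsers compare scheme plus registrable domain).

```python
"""Added illustration of the SameSite rules the post describes; not code from
the original post. It models how a browser decides whether a cookie is attached
to a request, so you can see which cross-site requests still carry the session."""
from dataclasses import dataclass
from typing import Optional

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
VALID_SAMESITE = {"Strict", "Lax", "None"}


@dataclass
class Cookie:
    name: str
    value: str
    site: str                  # site that set the cookie, e.g. "bank.example" (constructed)
    samesite: Optional[str]    # "Strict", "Lax", "None", or None when the attribute is absent
    secure: bool = False


def parse_set_cookie(header: str, site: str) -> Optional[Cookie]:
    """Parse a Set-Cookie header value the way a browser would. Returns None when
    a current browser would reject the cookie (SameSite=None without Secure)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    samesite: Optional[str] = None
    secure = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            val = val.strip().capitalize()                        # value is case-insensitive
            samesite = val if val in VALID_SAMESITE else None     # unknown value = absent
        elif key == "secure":
            secure = True
    if samesite == "None" and not secure:
        return None        # Chrome 80+ drops SameSite=None cookies that lack Secure
    return Cookie(name.strip(), value, site, samesite, secure)


def cookie_is_sent(cookie: Cookie, request_site: str, top_level_navigation: bool,
                   method: str, default_samesite: str = "None") -> bool:
    """Decide whether `cookie` is attached to a request initiated by a page on
    `request_site`. `default_samesite` is what the browser assumes when the
    attribute is absent: "None" for browsers of the post's era, "Lax" for Chrome 80+."""
    if request_site == cookie.site:
        return True                           # same-site requests always carry the cookie
    policy = cookie.samesite or default_samesite
    if policy == "Strict":
        return False                          # never on a cross-site request
    if policy == "Lax":
        # Only top-level navigations using a safe method (link click, typed URL);
        # never form POSTs, fetch/XHR, or subresource loads such as <img>.
        return top_level_navigation and method.upper() in SAFE_METHODS
    return True                               # SameSite=None: sent on every request


def csrf_demo(default_samesite: str = "None") -> dict:
    """Constructed scenario: bank.example sets its session cookie three ways and a
    page on attacker.example tries the usual CSRF vectors against each."""
    headers = {
        "no_attribute": "session=abc123; Path=/; HttpOnly",
        "lax": "session=abc123; Path=/; HttpOnly; SameSite=Lax",
        "strict": "session=abc123; Path=/; HttpOnly; SameSite=Strict",
    }
    results = {}
    for label, header in headers.items():
        cookie = parse_set_cookie(header, site="bank.example")
        results[label] = {
            "auto_submitted_form_post": cookie_is_sent(cookie, "attacker.example", True, "POST", default_samesite),
            "link_click_get": cookie_is_sent(cookie, "attacker.example", True, "GET", default_samesite),
            "img_tag_get": cookie_is_sent(cookie, "attacker.example", False, "GET", default_samesite),
            "fetch_post": cookie_is_sent(cookie, "attacker.example", False, "POST", default_samesite),
        }
    return results


if __name__ == "__main__":
    for label, outcome in csrf_demo().items():
        print(label, outcome)
```

The classic CSRF vector (a hidden, auto-submitted form POST) carries the cookie only in the "no_attribute" case; Lax blocks it while still letting a normal link into the site stay logged in, and Strict blocks even that. Calling csrf_demo("Lax") shows the Chrome 80+ default, where a cookie with no attribute already behaves like Lax.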

SQL Injection for beginners

When we talk about security vulnerabilities in software it’s worth thinking about computer programmes on a fundamental level. At the simplest level a computer programme is something which takes in an input, usually from the user in the form of text, processes that input, which changes the state of the machine, and then gives an output or result to the user. A bug is when certain inputs aren’t processed correctly and the wrong output is given; for example, if 1 plus 1 results in 3. A security bug, however, is one where a certain input is processed in such a way that it compromises the security of the information managed by the programme, and may even output that information. We often see this in practice in web applications. Continue reading “SQL Injection for beginners”

Login page password-guessing attack (Accunetix)

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.

This login page doesn’t have any protection against password-guessing attacks (brute force attacks). It’s recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.

CVSS Base Score: 5.0
– Access Vector: Network
– Access Complexity: Low
– Authentication: None
– Confidentiality Impact: Partial
– Integrity Impact: None
– Availability Impact: None
CWE: CWE-307
Affected item: /Admin/Login.aspx
Affected parameter:
Variants: 2

Blocking Brute-Force Attacks

A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. Continue reading “Login page password-guessing attack (Accunetix)”
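The fix the scanner recommends (CWE-307: lock the account after a defined number of failed attempts) is small enough to show end to end. The following is an added example, not code from the original post, from Acunetix or from OWASP: a login guard that counts consecutive failures per account and refuses every attempt, even with the correct password, until the lockout window expires. The user table, the password hashing parameters and the fake clock are constructed for the demo.

```python
"""Added example of the account-lockout fix for CWE-307; not code from the
original post. Failure counting is per account, and the clock is injectable so
the lockout expiry can be exercised without sleeping."""
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, Tuple

PBKDF2_ROUNDS = 50_000     # constructed demo value; tune higher in production
# Dummy salt/hash for unknown usernames so a guess against a non-existent account
# costs the same time as a real one (no username enumeration via timing).
_DUMMY = (b"\x00" * 16, b"\x00" * 32)


def make_store(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Hash plaintext passwords with a per-user random salt (constructed demo table)."""
    store = {}
    for username, password in users.items():
        salt = os.urandom(16)
        store[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))
    return store


def verifier_for(store: Dict[str, Tuple[bytes, bytes]]) -> Callable[[str, str], bool]:
    def verify(username: str, password: str) -> bool:
        salt, expected = store.get(username, _DUMMY)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, expected) and username in store
    return verify


class LoginGuard:
    """Counts consecutive failures per account and refuses every login, right
    password included, until the lockout window has passed."""

    def __init__(self, verify: Callable[[str, str], bool], max_failures: int = 5,
                 lockout_seconds: float = 15 * 60, clock: Callable[[], float] = time.monotonic):
        self.verify = verify
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def login(self, username: str, password: str) -> str:
        """Returns "ok", "denied" or "locked". A wrong password and an unknown
        account produce the same response."""
        now = self.clock()
        if self.locked_until.get(username, 0.0) > now:
            return "locked"                  # don't even check the password while locked
        if self.verify(username, password):
            self.failures.pop(username, None)
            self.locked_until.pop(username, None)
            return "ok"
        count = self.failures.get(username, 0) + 1
        if count >= self.max_failures:
            self.failures.pop(username, None)
            self.locked_until[username] = now + self.lockout_seconds
            return "locked"
        self.failures[username] = count
        return "denied"


class FakeClock:
    """Controllable clock so the demo can advance past the lockout window."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> list:
    """Constructed run: three bad guesses against 'admin' trip a 3-attempt lockout."""
    clock = FakeClock()
    guard = LoginGuard(verifier_for(make_store({"admin": "correct horse battery staple"})),
                       max_failures=3, lockout_seconds=60, clock=clock)
    outcomes = []
    for guess in ["password", "admin123", "letmein"]:                  # attacker's wordlist
        outcomes.append(guard.login("admin", guess))                   # denied, denied, locked
    outcomes.append(guard.login("admin", "correct horse battery staple"))  # locked: right password, too late
    clock.now += 61                                                    # lockout window passes
    outcomes.append(guard.login("admin", "correct horse battery staple"))  # ok
    outcomes.append(guard.login("nobody", "x"))                        # denied, same as a wrong password
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Lockout is not free: an attacker who knows the admin username can now lock the legitimate administrator out on purpose, so in practice you pair it with per-source-IP throttling and a progressive delay or CAPTCHA, and you log every lockout event so the pattern of guesses is visible in your SIEM.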

Cyber Crime Protection Methods

There is a very old and correct saying that a coin has two sides.

Like a coin, almost every aspect of life has two sides. The most common example is the advent of technology and the crime associated with it. With the passing of time and the advance of technology, computers have become an integral part of the working society.

Computers have brought greater work and time efficiency to the working circle of society as a whole. But here comes the twist: along with all the benefits that computers and technology have brought, there also comes the rising and alarming threat of cyber crime.
Continue reading “Cyber Crime Protection Methods”

Internet Security Through Code Signing, 2017 revision

I originally posted this article in 2014 and I wanted to rehash a few methods of performing code signing.

Internet Security Through Code Signing

Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author. This helps users and other software to determine whether the software can be trusted. Continue reading “Internet Security Through Code Signing, 2017 revision”

How does ransomware work?

We’ve all heard ransomware mentioned at one point – computers hijacked by evildoers and their files encrypted with a key that is then offered to the unaware user at a cost.

People have been asking – how does it spread? Can it come through the network? Is it a download or an exe file you have to click to get it on your machine?

What makes ransomware so effective? Continue reading “How does ransomware work?”