#websecurity

halil deniz: SQL Injection Cheat Sheet: A Comprehensive Guide
https://denizhalil.com/2025/04/02/sql-injection-cheat-sheet/
#cybersecurity #websecurity #sql #sqlinjection #webapplicationsecurity #pentesting #ethicalhacking #blogger

"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.

Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.

There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.

Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.

Best Practices
Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."

nordicapis.com/9-signs-youre-d

Nordic APIs · 9 Signs You're Doing API Security Wrong | Nordic APIs | API security anti-patterns are common. From overreliance on API keys to a lack of rate limiting to no encryption, we explore the top ones.

"It is now time to fix it for good. A new solution has been proposed: partitioning visited link history. This approach fundamentally changes how browsers store and expose visited link data. Instead of maintaining a global list, web browsers will store visited links with a triple-key partition:

- Link URL. The destination of the visited link.
- Top-Level Site. The domain of the main browsing context.
- Frame Origin. The origin of the frame rendering the link.

A link is only styled as :visited if it was visited from the same top-level site and frame origin (...) This approach guarantees isolation and works well with the web's same-origin policy. The system records only navigations initiated by link clicks or scripts—excluding direct address bar entries or bookmark navigations.

Key benefits of this model include: strong protection against cross-site history leaks, solving for good of many known side-channel attacks, support for meaningful styling within trusted, same-context domains, conforming to established web privacy principles and data protection regulations.

This feature is already implemented in Chrome (v132, behind a #partition-visited-link-database-with-self-links flag). I am confident that in 2025 we are going to have this privacy headache solved once and for all."

blog.lukaszolejnik.com/fixing-

Security, Privacy & Tech Inquiries · Fixing web browser history leaks | Web browsing history powers helpful features like styling visited links differently, allowing users to see where they've been before. While this usability feature provides navigational benefits, it also introduces a privacy risk. The handling of visited links happened to be a silent backdoor of a kind, allowing malicious sites to
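As an added illustration of the triple-key partition described in the quoted post (example code written for this page, not from the blog or from Chrome's implementation), here is a small Python model of a visited-link store: it records only link-click or script navigations and answers a :visited query only for the identical (link URL, top-level site, frame origin) triple, with the old single global list alongside for contrast. Site and origin values are taken as plain strings; the constructed history and the class and function names are assumptions.

```python
from dataclasses import dataclass

# Constructed model of a :visited store partitioned by (link URL, top-level site,
# frame origin). Illustration only, not Chrome's code; sites are plain strings here.
@dataclass(frozen=True)
class PartitionKey:
    link_url: str
    top_level_site: str
    frame_origin: str

class PartitionedVisitedStore:
    def __init__(self):
        self.entries = set()

    def record_navigation(self, link_url, top_level_site, frame_origin, initiated_by):
        # Only navigations started by a link click or by script are recorded;
        # address-bar entries and bookmark navigations never enter the store.
        if initiated_by not in ("link", "script"):
            return False
        self.entries.add(PartitionKey(link_url, top_level_site, frame_origin))
        return True

    def is_visited(self, link_url, top_level_site, frame_origin):
        # Styled as :visited only when queried from the identical partition.
        return PartitionKey(link_url, top_level_site, frame_origin) in self.entries

class LegacyGlobalStore:
    # The old model for contrast: one global list keyed by URL alone.
    def __init__(self):
        self.urls = set()

    def record_navigation(self, link_url, *_):
        self.urls.add(link_url)
        return True

    def is_visited(self, link_url, *_):
        return link_url in self.urls

def lookups(store_cls):
    # Returns (same context, other top-level site, embedded frame, address-bar visit).
    store = store_cls()
    link = "https://bank.example/login"
    # Constructed history: link clicked on news.example's top frame; mail.example typed into the address bar.
    store.record_navigation(link, "https://news.example", "https://news.example", "link")
    store.record_navigation("https://mail.example/", "https://mail.example", "https://mail.example", "address_bar")
    return (
        store.is_visited(link, "https://news.example", "https://news.example"),
        store.is_visited(link, "https://other.example", "https://other.example"),
        store.is_visited(link, "https://news.example", "https://ads.example"),
        store.is_visited("https://mail.example/", "https://mail.example", "https://mail.example"),
    )
```

The partitioned store answers True only for the first lookup, while the legacy store answers True for all four, which is exactly the cross-site and cross-frame leakage the partition removes.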

🤔 Oh no! The sky is falling! 🌧️ The unauthenticated web is apparently under threat from those terrifying AI scrapers that just can't resist causing havoc. Clearly, we should all panic and throw our websites into the arms of corporate gatekeepers. 🙄
sethmlarson.dev/i-fear-for-the #AIThreats #WebSecurity #CorporateGatekeepers #PanicMode #HackerNews #ngated

sethmlarson.dev · I fear for the unauthenticated web

Node.js Security in 2025: Best Practices and Threat Mitigation

bloggingaadd.com/nodejs-securi

Learn the best Node.js security practices for 2025 to protect your applications from evolving threats. Explore key strategies for threat mitigation, data protection, and secure coding.

#NodeJS
#CyberSecurity
#WebSecurity
#SecureCoding
#BackendDevelopment
#APISecurity
#TechTrends2025
#DataProtection
#SoftwareSecurity
#JavaScript
#SecureApps
#ThreatMitigation

Angular Security: 5 Practices Every Developer Should Know

tuvoc.com/blog/angular-securit

Enhance your Angular applications with top security practices every developer should know. Learn how to prevent common vulnerabilities and protect your app from threats.

#Angular
#WebSecurity
#CyberSecurity
#AngularBestPractices
#SecureCoding
#FrontendSecurity
#JavaScript
#WebDevelopment
#AppSecurity
#DataProtection
#SecurityBestPractices
#CodingTips
#SecureWebApps
#AngularDevelopment
#DevSecOps

Fingerprinting: Critics say Google rules put profits over privacy

Changes which come in on Sunday permit so-called "fingerprinting", which allows online advertisers to collect more data about users including their IP addresses and information about their devices.

🔎 bbc.com/news/articles/cm21g005

www.bbc.com · Fingerprinting: Critics say Google rules put profits over privacy | Google is allowing advertisers to collect more personal information, which is harder for users to control.