This is good: The Six Dumbest Ideas in Computer Security.
It referenced this, which is also good: Personal observations on the reliability of the Shuttle by R.P. Feynman.
Had a quick read of this old chestnut: OWASP SCP Quick Reference Guide v2.
This on Hacker News today: CSRF, CORS, and HTTP Security headers Demystified.
The above article referred to OWASP SameSite doco, and you can read about how to implement that with PHP.
This security.txt looks like a good idea.
Oh wow, this is great: OWASP Cheat Sheet Series.
I found an interesting article: Linux 25 PHP Security Best Practices For Sys Admins
Today I ran into this warning from iceweasel when I tried to access a web service on port 101:
This address is restricted
This address uses a network port which is normally used for purposes other than Web browsing. Iceweasel has canceled the request for your protection.
I found this article which said:
Read a little from the Open Web Application Security Project today.
An article on The 5 Hardest Parts of Programming which discusses optimisation, networking, security, reliability and scalability.
Read about the security considerations for find. Find is a *nix tool for searching through directories for files and filtering them to build lists or run commands.
While I’m here I might as well show you my latest find command, I think it’s a beauty. :)
sudo find . \
  \( \( \( \! -user jj5 \) -or \( \! -group jj5 \) \) \
    -execdir chown jj5:jj5 '{}' \+ \) , \
  \( \( -type d \( \! -perm -u+rwx \) \) \
    -execdir chmod u+rwx '{}' \+ \) , \
  \( \( -type f \( \! -perm -u+rw \) \) \
    -execdir chmod u+rw '{}' \+ \)