med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
#websecurity

1 post, 1 participant, 0 posts today
Alesandro Ortiz 🇵🇷🏳️‍🌈<p>👋🏻 I'll be at DEF CON and Google 0x0g in a couple of weeks. Hit me up if you want to chat about browser/web/extension security and privacy.</p><p>It's my first DEF CON, so quite excited! I expect to be most of Friday at the Bug Bounty Village.</p><p><a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://infosec.exchange/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon33</span></a> <a href="https://infosec.exchange/tags/browsersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browsersecurity</span></a> <a href="https://infosec.exchange/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a></p>
The Internet is Crack<p>Cloudflare Slams the Gate on AI’s Data Feast</p><p><a href="https://mastodon.social/tags/TheInternetIsCrack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheInternetIsCrack</span></a> <a href="https://mastodon.social/tags/AIethics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIethics</span></a> <a href="https://mastodon.social/tags/DataScraping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataScraping</span></a> <a href="https://mastodon.social/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudflare</span></a> <a href="https://mastodon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
Khürt Williams<p>Important work happening around HTTP Signatures in the Fediverse. Stronger key validation, better digest handling, clearer test vectors—all steps toward more secure and trustworthy ActivityPub communication.<br>HTTP Signature Upgrades Coming&nbsp;Soon</p><p><a href="https://activitypub.blog/2025/07/03/http-signature-upgrades-coming-soon/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">activitypub.blog/2025/07/03/ht</span><span class="invisible">tp-signature-upgrades-coming-soon/</span></a></p><p><a href="https://indieweb.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fediverse</span></a> <a href="https://indieweb.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://indieweb.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActivityPub</span></a> <a href="https://indieweb.social/tags/DigitalIdentity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalIdentity</span></a> <a href="https://indieweb.social/tags/HTTPsignatures" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPsignatures</span></a> <a href="https://indieweb.social/tags/Decentralisation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Decentralisation</span></a> <a href="https://indieweb.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>Bot or not? A short history of web bots and bot detection techniques<br>– from <span class="h-card" translate="no"><a href="https://toot.works/@OlegWock" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>OlegWock</span></a></span></p><p>🤖 <a href="https://sinja.io/blog/bot-or-not" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sinja.io/blog/bot-or-not</span><span class="invisible"></span></a></p><p><a href="https://chaos.social/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a> <a href="https://chaos.social/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://chaos.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://chaos.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsecurity</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsec</span></a> <a href="https://chaos.social/tags/history" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>history</span></a> <a href="https://chaos.social/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a> <a href="https://chaos.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://chaos.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://chaos.social/tags/botornot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>botornot</span></a></p>
Miguel Afonso Caetano<p>"Regulators around the world are working to address competition issues in digital markets, particularly on mobile devices. Several new laws have already been passed, including the UK’s Digital Markets, Competition and Consumers Act (DMCC), Japan’s Smartphone Act, and the EU’s Digital Markets Act (DMA). Australia and the United States are also considering similar legislation with the U.S. Department of Justice pursuing an antitrust case against Apple. Across all of these efforts, common questions arise: How should competition, user choice, and utility be balanced against security concerns? What is proportionate and necessary in relation to security? And how effective is app store review in practice?</p><p>The DMA is a helpful act to look at as it has been in force the longest and many of these other acts are loosely based on it. The DMA aims to restore contestability, interoperability, choice and fairness back to digital markets in the EU. These fundamental properties of an effectively functioning digital market have been eroded by the extreme power gatekeepers wield via their control of “core platform services”.</p><p>Under the DMA gatekeepers are only allowed to have strictly necessary, proportionate and justified security measures to protect the integrity of the operating system."</p><p><a href="https://open-web-advocacy.org/blog/balancing-security-and-fair-competition/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">open-web-advocacy.org/blog/bal</span><span class="invisible">ancing-security-and-fair-competition/</span></a></p><p><a href="https://tldr.nettime.org/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> <a href="https://tldr.nettime.org/tags/DMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DMA</span></a> <a href="https://tldr.nettime.org/tags/Monopolies" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Monopolies</span></a> <a href="https://tldr.nettime.org/tags/Oligopolies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oligopolies</span></a> <a href="https://tldr.nettime.org/tags/Antitrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Antitrust</span></a> <a href="https://tldr.nettime.org/tags/Competition" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Competition</span></a> <a href="https://tldr.nettime.org/tags/Interoperability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Interoperability</span></a> <a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://tldr.nettime.org/tags/OpenWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenWeb</span></a></p>
"Mutant Rob" Robert Rothenberg<p>In other words, some bad bots have been slamming a website at work with an additional 100k requests/day from random IPs, mostly from Vietnam, Brazil, and India. But some from the US, too.</p><p>We suspect an AI training bot.</p><p>Many of these seem to be residential IPs.</p><p>They all seem to have common patterns to them. HTTP 1.1, no cookies, only 1-2 requests per day per IP, random UA, no CSS, JS or images. Often pages blocked by robots.txt.</p><p>We're wondering if this is due to malware, or some kind of free VPN that rents out users' connections. Or is it Brave browser's Web Discovery project?</p><p>Has anyone else run into this?</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
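As an added example (not code from the post above), the Python below scores each client IP's day of traffic against the pattern the post describes: HTTP/1.1 only, no cookies, one or two requests, no CSS/JS/image sub-resources fetched, and hits on robots.txt-disallowed paths. The log lines, the Disallow prefixes and the trailing "cookie present" field are constructed for the demo; the random-UA signal only shows up across many IPs, so it is not scored here.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from the post): combined log format plus a
# trailing field that is "C" when the request carried a Cookie header and "-"
# when it did not. IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2025:10:01:02 +0000] "GET /private/report HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) rv:42.0" -
203.0.113.9 - - [10/Jul/2025:10:03:11 +0000] "GET /admin/ HTTP/1.1" 200 2201 "-" "curl/7.88 fake" -
198.51.100.4 - - [10/Jul/2025:10:05:00 +0000] "GET / HTTP/2.0" 200 9000 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/126" C
198.51.100.4 - - [10/Jul/2025:10:05:01 +0000] "GET /static/app.css HTTP/2.0" 200 4000 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/126" C
198.51.100.4 - - [10/Jul/2025:10:05:01 +0000] "GET /static/app.js HTTP/2.0" 200 8000 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/126" C
198.51.100.4 - - [10/Jul/2025:10:05:02 +0000] "GET /img/logo.png HTTP/2.0" 200 1200 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/126" C
198.51.100.4 - - [10/Jul/2025:10:06:30 +0000] "GET /blog/post-1 HTTP/2.0" 200 7000 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/126" C
"""

# Constructed robots.txt Disallow prefixes for the sample site (assumption).
ROBOTS_DISALLOW = ("/private/", "/admin/")

# Sub-resource types a real browser fetches alongside a page.
ASSET_EXTS = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".webp", ".ico", ".woff2")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) '
    r'(?P<proto>HTTP/[\d.]+)" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<cookie>\S+)$'
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def profile_clients(text):
    """Aggregate, per (ip, day), the features the post lists as the bot pattern."""
    profiles = defaultdict(lambda: {"requests": 0, "protocols": set(), "cookies": False,
                                    "assets": False, "disallowed": False, "uas": set()})
    for r in parse_log(text):
        day = r["ts"].split(":", 1)[0]  # "10/Jul/2025" from "10/Jul/2025:10:01:02 +0000"
        p = profiles[(r["ip"], day)]
        p["requests"] += 1
        p["protocols"].add(r["proto"])
        p["cookies"] |= r["cookie"] != "-"
        path = r["path"].split("?", 1)[0].lower()
        p["assets"] |= path.endswith(ASSET_EXTS)
        p["disallowed"] |= path.startswith(ROBOTS_DISALLOW)
        p["uas"].add(r["ua"])
    return profiles


def bot_indicators(p):
    """Return the list of pattern matches for one (ip, day) profile."""
    reasons = []
    if p["requests"] <= 2:
        reasons.append("only 1-2 requests in the day")
    if p["protocols"] == {"HTTP/1.1"}:
        reasons.append("HTTP/1.1 only")
    if not p["cookies"]:
        reasons.append("no cookies sent")
    if not p["assets"]:
        reasons.append("no CSS/JS/image sub-resources fetched")
    if p["disallowed"]:
        reasons.append("requested a robots.txt-disallowed path")
    return reasons


def flag_suspicious(text, min_indicators=4):
    """Map ip -> indicator list for clients matching at least min_indicators.

    The sample covers a single day; with multi-day logs, key on (ip, day) instead.
    """
    flagged = {}
    for (ip, _day), p in profile_clients(text).items():
        reasons = bot_indicators(p)
        if len(reasons) >= min_indicators:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_suspicious(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

A single IP matching all five indicators also describes a curl user or a feed reader, so the operational signal is the daily count of flagged IPs and its trend, not any one address.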
boredsquirrel<p><span class="h-card" translate="no"><a href="https://linuxrocks.online/@tuxedocomputers" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tuxedocomputers</span></a></span> </p><p>Why does your website need JavaScript to display text with images? Without <a href="https://tux.social/tags/Javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Javascript</span></a> I see the footnotes, and that's it.</p><p>That really doesn't have to be the case. <a href="https://tux.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
WebPerformance Report<p>🔔 Don’t have your report yet? <br>You’re just in time to get this week’s <a href="https://webperf.social/tags/WebPerformance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebPerformance</span></a> Report. <br>Used by experts at Google, Mozilla, Chanel, Airbnb, and more. <br>Get your own report now 👉 <a href="https://webperformancereport.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">webperformancereport.com</span><span class="invisible"></span></a> <br><a href="https://webperf.social/tags/webperf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webperf</span></a> <a href="https://webperf.social/tags/ux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ux</span></a> <a href="https://webperf.social/tags/seo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seo</span></a> <a href="https://webperf.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://webperf.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://webperf.social/tags/martech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>martech</span></a> <a href="https://webperf.social/tags/digitalmarketing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>digitalmarketing</span></a></p>
Henning<p>After an absurd experience with <a href="https://berlin.social/tags/Sparkasse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sparkasse</span></a> I'm looking for <a href="https://berlin.social/tags/BullshitBingo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BullshitBingo</span></a> cards on the topic of <a href="https://berlin.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> (<a href="https://berlin.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a>)</p><p>So far:<br>- One-time codes via <a href="https://berlin.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a><br>- Proprietary <a href="https://berlin.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> app instead of open standards<br>- Support only by phone<br>- Reading username and password out loud<br>- Apps locking themselves after 5 minutes<br>- Apps locking after 3 months without a login, with no error code or findable online help ("90 days")<br>- Reinstalling the app to solve the problem (<a href="https://berlin.social/tags/TOFU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOFU</span></a>)</p><p>Can you think of anything else?</p>
Open Web Docs<p>We've written a new guide on XS-Leaks: </p><p><a href="https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XS-Leaks" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developer.mozilla.org/en-US/do</span><span class="invisible">cs/Web/Security/Attacks/XS-Leaks</span></a></p><p>Many thanks to <span class="h-card" translate="no"><a href="https://social.security.plumbing/@freddy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>freddy</span></a></span>, Hamish Willee, <span class="h-card" translate="no"><a href="https://fosstodon.org/@MartinaKraus11" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MartinaKraus11</span></a></span>, and <span class="h-card" translate="no"><a href="https://infosec.exchange/@terjanq" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>terjanq</span></a></span> for your reviews and collaboration. <a href="https://front-end.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
Tib3rius :antiverified:<p>Which lesser-known Burp extensions do you swear by? Share your favorites below! 👇</p><p><a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/BurpSuite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BurpSuite</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a></p>
Ginger (she/her)<p>Fam. What's a good website hosting alternative to Google? I'd like something cheap, easy, reliable and not evil.</p><p>thanks 🙏🏼🫶🏼</p><p><a href="https://mastodon.social/tags/websitedesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websitedesign</span></a> <a href="https://mastodon.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a> <a href="https://mastodon.social/tags/freepalestine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freepalestine</span></a></p>
WebPerformance Report<p>🎉 WebPerformance Report Week #17 is out and today we celebrate a new milestone! 🚀<br>For the first time, we delivered two reports in one day:<br>✅ Web Performance Report<br>✅ HTTP Header Security Report<br>👉 <a href="https://webperformancereport.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">webperformancereport.com/</span><span class="invisible"></span></a><br><a href="https://webperf.social/tags/webperf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webperf</span></a> <a href="https://webperf.social/tags/corewebvitals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>corewebvitals</span></a> <a href="https://webperf.social/tags/ux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ux</span></a> <a href="https://webperf.social/tags/seo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seo</span></a> <a href="https://webperf.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://webperf.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websecurity</span></a></p>
WebPerformance Report<p>New on WebPerformance Report: HTTP Observatory 🎉<br>Check your site's HTTP security headers and get clear, actionable results in your inbox.<br>Thanks to the <span class="h-card" translate="no"><a href="https://mozilla.social/@MDN" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MDN</span></a></span> team for their technical guidance. 🙌<br>Because great UX should also be secure.<br>👉 <a href="https://webperformancereport.com/httpo" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">webperformancereport.com/httpo</span><span class="invisible"></span></a><br><a href="https://webperf.social/tags/WebPerf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebPerf</span></a> <a href="https://webperf.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://webperf.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
Cyberkid<p>Top Web Application PenTesting Tools by Category ⚔️</p><p>🔖Hashtags:<br><a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/PentestingTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PentestingTools</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/WebAppSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAppSecurity</span></a> <a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedTeam</span></a> <a href="https://defcon.social/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p><p>⚠️Disclaimer:<br>This content is for educational purposes only. Only use these tools in environments where you have proper authorization. Hacking without permission is illegal and unethical.</p>
Cyberkid<p>SQL Injection (SQLi) 💉 – Everything You Need to Know</p><p>What is SQL Injection?<br>SQL Injection is a code injection technique that allows attackers to interfere with the queries an application makes to its database.</p><p>Types of SQLi:</p><p>1. In-band SQLi – Most common and easy to exploit.</p><p>2. Blind SQLi – Data isn’t visibly returned but can still be extracted through inference.</p><p>3. Out-of-band SQLi – Uses external servers to get results (less common but powerful).</p><p>4. Time-Based Blind SQLi – Server delay used to infer info from the database.</p><p>Attack Scenarios:<br>▫️Bypassing logins<br>▫️Dumping database contents<br>▫️Modifying or deleting data<br>▫️Escalating privileges<br>▫️Accessing admin panels</p><p>Common SQLi Targets:<br>🔹Login forms<br>🔹Search boxes<br>🔹URL parameters<br>🔹Cookies<br>🔹Contact or feedback forms</p><p>How to Prevent SQLi:<br>▪️Use parameterized queries<br>▪️Employ ORM frameworks<br>▪️Sanitize all user inputs<br>▪️Set least privilege for DB users<br>▪️Use Web Application Firewalls (WAF)</p><p>♦️Red Team Tip<br>Test all user input points, especially where data touches the database. 
Think beyond login forms—SQLi hides in unexpected places.</p><p>🔖Hashtags:<br><a href="https://defcon.social/tags/SQLInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SQLInjection</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedTeam</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a></p><p>⚠️Disclaimer:<br>This content is for educational purposes only. Always perform security testing with explicit permission. Unauthorized testing is illegal and unethical.</p>
Cyberkid<p>Everything About SQL Injection 💉</p><p>What is SQL Injection?<br>SQL Injection is a web vulnerability that lets attackers manipulate database queries. This can lead to unauthorized access, data leaks, or even full control of the system.</p><p>🔬Types of SQL Injection</p><p>1️⃣ Classic SQLi – Injecting raw SQL commands.<br>2️⃣ Blind SQLi – No errors, but the response changes.<br>3️⃣ Time-Based SQLi – Uses response delays to extract data.<br>4️⃣ Union-Based SQLi – Merges malicious queries with valid ones.<br>5️⃣ Out-of-Band SQLi – Exfiltrates data through DNS, HTTP, etc.</p><p>♦️Potential Impact<br>▫️Access &amp; dump sensitive data<br>▫️Bypass login systems<br>▫️Alter or delete database entries<br>▫️Full system compromise</p><p>🔰Common Entry Points<br>▫️Login forms<br>▫️Search inputs<br>▫️Contact forms<br>▫️URL query parameters</p><p>Defense Strategies 🛡<br>✅ Use parameterized queries<br>✅ Validate &amp; sanitize inputs<br>✅ Apply least privilege to DB accounts<br>✅ Monitor logs for anomalies<br>✅ Perform regular security audits</p><p>📀Image Description (for visual):<br>🔹A sleek cyber-themed layout with:<br>🔹A hacker icon injecting code<br>🔹A login form being exploited<br>🔹Database icons showing exposed data<br>🔹A shield labeled “Prepared Statements” blocking the attack</p><p>🔖Tags<br><a href="https://defcon.social/tags/SQLInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SQLInjection</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://defcon.social/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://defcon.social/tags/DatabaseSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DatabaseSecurity</span></a> <a href="https://defcon.social/tags/HackerTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerTips</span></a></p><p>⚠️Disclaimer<br>This content is for educational and ethical purposes only. Do not attempt to exploit vulnerabilities without proper authorization. Always follow legal and ethical guidelines when testing or learning about cybersecurity.</p>
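Both SQL injection posts above list parameterized queries as the first defense; this added Python example (not code from either post) shows the string-spliced login query beside its parameterized form against a constructed in-memory SQLite table, and adds the case the posts do not cover: a user-chosen ORDER BY column, which cannot be bound as a parameter and so needs an allow-list. The table, the user row and the test input are constructed for the demo.

```python
import sqlite3

# Constructed in-memory database (assumption for the demo) with a single user.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    con.execute("INSERT INTO users (name, pw_hash) VALUES ('alice', 'hash-of-correct-pw')")
    con.commit()
    return con


def login_vulnerable(con, name, pw_hash):
    """The pattern the posts warn about: user input spliced into the SQL text."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND pw_hash = '{pw_hash}'"
    return con.execute(sql).fetchone()


def login_parameterized(con, name, pw_hash):
    """The fix: placeholders, so the driver passes values separately from the query text."""
    sql = "SELECT id FROM users WHERE name = ? AND pw_hash = ?"
    return con.execute(sql, (name, pw_hash)).fetchone()


# Identifiers (table/column names) cannot be bound with "?", so a user-controlled
# sort column must be checked against a fixed allow-list before it touches the SQL.
ALLOWED_SORT = {"name", "id"}


def validate_sort(col):
    """Return col if it is an allowed column name, else None."""
    return col if col in ALLOWED_SORT else None


def list_users_sorted(con, sort_col):
    col = validate_sort(sort_col)
    if col is None:
        raise ValueError(f"unsupported sort column: {sort_col!r}")
    return [r[0] for r in con.execute(f"SELECT name FROM users ORDER BY {col}")]


def demo():
    """Run the same tautology input through both login variants."""
    con = make_db()
    # Constructed test input: a SQL tautology in the password field. In the
    # vulnerable query it rewrites the WHERE clause; as a bound parameter it is
    # just a string that matches no stored hash.
    tautology = "' OR '1'='1"
    return {
        "vulnerable": login_vulnerable(con, "alice", tautology),
        "parameterized": login_parameterized(con, "alice", tautology),
        "legit": login_parameterized(con, "alice", "hash-of-correct-pw"),
    }


if __name__ == "__main__":
    for variant, row in demo().items():
        print(f"{variant:14s} -> {'login granted' if row else 'rejected'}")
```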
Miguel Afonso Caetano<p>"When Let’s Encrypt, a free certificate authority, started issuing 90 day TLS certificates for websites, it was considered a bold move that helped push the ecosystem towards shorter certificate life times. Beforehand, certificate authorities normally issued certificate lifetimes lasting a year or more. With 4.0, Certbot is now supporting Let’s Encrypt’s new capability for six day certificates through ACME profiles and dynamic renewal at:</p><p> - 1/3rd of lifetime left<br> - 1/2 of lifetime left, if the lifetime is shorter than 10 days"</p><p><a href="https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eff.org/deeplinks/2025/04/cert</span><span class="invisible">bot-40-long-live-short-lived-certs</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://tldr.nettime.org/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://tldr.nettime.org/tags/Certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certbot</span></a> <a href="https://tldr.nettime.org/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a></p>
Florian Bierhoff<p>Finally! With <a href="https://internet-standards.de" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">internet-standards.de</span><span class="invisible"></span></a> there is now a German-language instance of <span class="h-card" translate="no"><a href="https://mastodon.nl/@internet_nl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>internet_nl</span></a></span> that lets you check whether web and mail servers meet modern security standards :green_i: </p><p><a href="https://dreistrom.land/loesungen/internet-standards" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dreistrom.land/loesungen/inter</span><span class="invisible">net-standards</span></a></p><p><a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://infosec.exchange/tags/MailSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MailSecurity</span></a></p>
Miguel Afonso Caetano<p>"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.</p><p>Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.</p><p>There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.</p><p>Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.</p><p>Best Practices<br>Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. 
Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."</p><p><a href="https://nordicapis.com/9-signs-youre-doing-api-security-wrong/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nordicapis.com/9-signs-youre-d</span><span class="invisible">oing-api-security-wrong/</span></a></p><p><a href="https://tldr.nettime.org/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> <a href="https://tldr.nettime.org/tags/APIs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APIs</span></a> <a href="https://tldr.nettime.org/tags/APISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APISecurity</span></a> <a href="https://tldr.nettime.org/tags/APIDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APIDesign</span></a> <a href="https://tldr.nettime.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>