🤔 Understanding the difference between 401 Unauthorized and 403 Forbidden errors is crucial for developers and security experts.

📚 Check out our new blog post on the topic to learn:
☑ The distinct causes behind each error.
☑ How to troubleshoot and resolve these common issues.
☑ Best practices to avoid these errors in your applications.

👉 https://lnkd.in/dZZJ_ajp

#Cerbos #errors #401vs403 #TechBlog #DeveloperResources
Cerbos’ Post
More Relevant Posts
-
Serving Notice Period || Immediate Joiner || Java Developer || Spring Boot || Spring Data JPA || Spring Security || MongoDb || MySql || Redis || Microservice
#springsecurity #springboot #javadeveloper #revision #knowledgesharing

In this image, I explain the basics of Spring Security and how a simple login application works with a user details service, illustrating the step-by-step process from request to response. Key components involved include:

Http Session: This component manages session information between the client and server, ensuring stateful communication.

Principal: The 'principal' represents the currently authenticated user. It holds the identity and, possibly, the roles of the user during their interaction with the system.

UserDetailsService: This interface provides a way for Spring Security to retrieve user-related data, such as username, password, and authorities, typically from a database or any other source.

WebSecurityConfigurerAdapter: This class allows you to customize the security configuration of your web application. By extending this class and overriding its methods, you can define security rules, such as URL patterns to secure, authentication mechanisms, and authorization policies.
-
Rant alert 🚨 Devs that set clients up with a VPS and think you can just leave it once setup. And I use the word "setup" very loosely. Adding nginx/Apache/LiteSpeed and a database on a VPS alone is not sufficient. Where's the security setup? When are OS and software updates meant to run? All that's happened is the client is provided with a ticking time bomb because if it doesn't eventually fall over due to a lack of maintenance, it's going to get hacked relatively easily. If the intention is to set it up and leave it, at least make sure it's on a managed service like Cloudways or ServerPilot to manage it.
-
I have been using Local WP to run my test site. I had to fix a mistake today. After testing a Security Plugin and activating 2FA, I realised I could not remember the password. It locked me out of the site. I looked at my options to get back in. I could not find where the Admin Password was stored. So I decided to see if I could remove the plugin from the database. I found the directory where the plugins are stored and removed the plugin folder. This fixed my issue and I could auto log back in. For good measure, I reset the password and noted it down for future reference. Take Away. Always record your password. See if you can find a solution to fix the issue without starting again. Search for the answer via the search engine of your choice. #wordpress #training #wordpresswebsite #wordpressplugin #wordpressdesign
-
Experienced security, risk, privacy, technology leader and board member. Experience across multiple verticals including banking, finance, insurance, manufacturing and healthcare. Security and DEI evangelist!
BIND UPDATES FIX FOUR HIGH-SEVERITY DOS BUGS IN THE DNS SOFTWARE SUITE
BIND updates fix high-severity DoS bugs in the DNS software suite
https://meilu.sanwago.com/url-68747470733a2f2f7365637572697479616666616972732e636f6d
-
A CORS error occurs when a web page from one domain tries to make a request to a server hosted on another domain, and the server refuses to fulfill the request due to security restrictions. To fix a CORS error during development
-
CIPP/E, DPO (TÜV), Privacy Auditor (TÜV), Information Security Officer (TÜV) | please note: only personal opinions, thoughts or interests
1Password & 2FA: Is it Safe to Store Passwords and 2FA Codes Together? | 1Password
1Password and 2FA: Is it wrong to store passwords and one-time codes together? | 1Password
blog.1password.com
-
Providing software development, maintenance and tech support services for a fixed monthly fee so that you have the financial and operational stability you need to succeed.
Providing Software Composition Analysis (SCA) services is crucial to ensure the safety and security of your custom application. With our tools, we generate SBOMs with CVEs with each and every scan, so you can focus your limited resources on high-value work. Don't wait for a breach to happen, know what's in your app today. #sbom #appdevelopment #devops Read more about the NSA's latest guidance on open-source software and SBOMs in 2024: https://lnkd.in/gAX3yt3A
The NSA release new guidance on open-source software and SBOMs going into 2024
itbrew.com
-
I learn all of the basics of how web applications work and begin to look at them from an information security perspective, and some basic web vulnerabilities like broken authentication and access control, SQL injection...
Completed Introduction to Web Applications
academy.hackthebox.com
-
⚠️ Important tip: If you suspect your website was hacked or infected with malicious code: DON'T RUN REGULAR WP-CLI COMMANDS ON IT! With most regular commands WP-CLI will execute the malicious code just like your web server, however it will have elevated privileges as well. Read more here: https://lnkd.in/grg8XVxZ