Blog

SMS-based 2-Factor Authentication is insecure !

SS7

The US National Institute of Standards and Technology (NIST) has declared in its Digital Authentication Guideline that SMS-based two-factor authentication should be banned due to security concerns [End of SMS-based 2-Factor Authentication; Yes, It's Insecure!]. We explain why in this blog.

Read
ICONS2021 : Best paper award!

News

Our paper entitled Adversarial Training for Deep Learning-based Intrusion Detection Systems presented at the International Conference on Systems (ICONS2021) has received the best paper award!

Read
Detect unnecessary 'use' statements with PHP CodeSniffer

PHP Secure Software Development

PHP Code Sniffer is a great tool to make sure your code is nicely written. Next to the default rules, you can also install and use additional rules (sniffs) to further enhance your code. Here is how to use PHPCS to detect (and remove) all unnecessary 'use' statements in your code.

Read
MARk : add images to your detection reports

MARk

Since version 2.6.0, the Multi-Agent Ranking framework (MARk) offers the possibility to integrate images and other files in the reports generated by your detectors. Here is how...

Read
Fixing "[circuit_breaking_exception] [parent] Data too large, data for [<http_request>]" ELK Stack error

Monitoring APT Detection

Recently, while working with the ELK Stack, I encountered an error I wasn't too familiar with how to resolve. This specific error is the "[circuit_breaking_exception] [parent] Data too large, data for [<http_request>]". It is not directly visible where the error originates from, but with some sleuthing I discovered that it is caused by Elasticsearch preventing some requests from executing to avoid possible out-of-memory errors, as detailed in the Elasticsearch Circuit Breaker documentation.

Read
GitLab : enable 2-Factor Authentication (2FA)

GitLab

GitLab is a very powerful tool, and it also implements decent security measures and protections. But still, by default all your work on GitLab is protected by a single password, which could be guessed or stolen. To add an additional layer of protection, you can (and should) configure 2-Factor Authentication (2FA).

Read
Packet Tracer : Getting started

Packet Tracer Video

In this video tutorial we show how to build a small network with Packet Tracer.

Read
Record and share your terminal sessions with asciinema

Sysadmin

If you want to share a terminal session, you can record a video of your terminal window, and share it on something like YouTube or Vimeo. Or you can use asciinema! asciinema actually only records the text input and output of your terminal (stdin, stdout and stderr). This means that the recordings are extremely light (they only contain text and timing), while the text remains perfectly readable. You can also easily share and embed your recordings on your website using some JavaScript code.

Read
Testing with Selenium and PHPUnit

PHP DevOps

In this blog post we continue our series about testing a web application with Selenium. This time we will show how to integrate Selenium with PHPUnit tests and assertions.

Read
MARk : use built-in file data source

MARk

The Multi-Agent Ranking framework (MARk) allows you to quickly build ranking and detection systems by combining building blocks. In this blog post, we show how to use the file data source to inject data into the system...

Read
Force https with HTTP Strict Transport Security (HSTS)

Secure Software Development

Once you have HTTPS enabled for your website (with Let's Encrypt for example), you should make sure all your users use the secure version of the site. Typically this is done using a redirect. However, this still leaves a window of opportunity (the initial HTTP connection) for an attacker to downgrade or redirect the request. With a Strict Transport Security header, you can force a browser to only connect to your server using HTTPS.

Read
Laravel optimization : static content caching and cache busting

Laravel Cyber-Wise

Optimizing your web app from the browser side is an important concern, to provide a pleasant experience to your users. It will also reduce the traffic on your servers. In this post we show how to implement static content caching and cache busting on a Laravel application.

Read