Category Archives: Security
Web – Android development changes about Data Safety section.
Effective July 20, 2022: We’re adding a new Data Safety section to the User Data policy where developers must provide accurate information related to personal or sensitive user data their apps collect, use, or share. All apps must also post a privacy policy in the Google Play Console and within the app itself. See this webpage.… Read More »
PowerShell tips – part 024.
You can access the certificate store using MMC or the CertMgr.msc command. The following command shows all certificates in the Local Machine's Personal store:
    PS C:\Users\catafest> Get-ChildItem -path cert:\LocalMachine\My
This shows the validity information for one certificate returned by the first PowerShell command:
    PS C:\Users\catafest> Get-ChildItem Cert:\LocalMachine\My\XXX | Select @{N='StartDate';E={$_.NotBefore}},
    >> @{N='EndDate';E={$_.NotAfter}},
    >> @{N='DaysRemaining';E={($_.NotAfter - (Get-Date)).Days}}
    >>

    StartDate           EndDate             DaysRemaining
    ---------           -------             -------------
    6/2/2019 8:17:27 AM 6/2/2022 8:17:27 AM           -24
You can also try many other PowerShell commands for working with certificates, such as:
    PS C:\Users\catafest> Get-PSDrive cert | ft -AutoSize
    PS C:\Users\catafest> Get-ChildItem Cert:\LocalMachine\Root\ | where{$_.FriendlyName -eq 'DigiCert'}
    ...
For the remote servers, we… Read More »
Security – clean and flush your internet settings.
By default, most operating systems will cache IP addresses and other Domain Name System (DNS) records in order to fulfill future requests more quickly. I type in http://free-tutorials.org in my browser’s address bar for the first time, and the browser has to ask DNS servers where to find the site. That information, the browser can… Read More »
Security – QUIC and web browsers.
Originally announced in 2013, QUIC (Quick UDP Internet Connections) is an experimental network protocol, which runs on top of the UDP protocol and is usually requested through port 443 with an Alternative Service HTTP request header flag. … QUIC requests are often made through the same port (443) that is used for TCP requests. The… Read More »
Security – PVS‑Studio.
The development team comes with this intro: PVS‑Studio is a static analyzer on guard of code quality, security known as SAST, and code safety. PVS‑Studio detects various errors – typos, dead code, and potential vulnerabilities (Static Application Security Testing, SAST). The analyzer matches warnings to the Common Weakness Enumeration, SEI CERT Coding Standards, and supports… Read More »
Security – XXE external entity attack.
XXE, short for XML eXternal Entities, is an application security weakness in which compromised data is processed by an insecurely configured XML parser. XML files may contain a document type definition (DTD), which describes the structure of an XML file. A DTD allows us to define and use XML entities. Let’s see one example:
    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE order [
      <!ENTITY lol SYSTEM "file:///D:/texts.txt">
    ]>
    <order>
      <itemID>&lol;</itemID>
    </order>
If… Read More »
Google – Use spreadsheet with codepen.
If you want to share a spreadsheet from your Google Drive, you need to have the proper security settings. These settings can be changed from the main menu: File – Share – Publish to web, see the next image: See the Pen google_001 by Cătălin George Feștilă (@catafest) on CodePen. This is a simple example… Read More »