Hiroshi Tokumaru's self-introduction
• Career
– 1985: Joined Kyocera Corporation
– 1995: Seconded to, and later transferred to, Kyocera Communication Systems Co., Ltd. (KCCS)
– 2008: Left KCCS and founded HASH Consulting Co., Ltd. (now EG Secure Solutions Inc.)
• Experience
– On joining Kyocera, worked on CAD, computational geometry, numerical simulation and similar areas
– Later handled planning, development and commercialization of enterprise package software
– From 1999, planning and development of mobile-phone infrastructure and platforms; encountered web application security problems and began research, internal rollout and contributed articles
– In 2004, launched a web application security business as an in-house venture at KCCS
• Currently
– Director and CTO, EG Secure Solutions Inc. https://www.eg-secure.co.jp/
Monday, October 23rd 2023. How to Think About Security in Next.js. Posted by React Server Components (RSC) in App Router is a novel paradigm that eliminates much of the redundancy and potential risks linked with conventional methods. Given the newness, developers and subsequently security teams may find it challenging to align their existing security protocols with this model. This docume
There was unauthorized access to pictBLand and pictSQUARE, and the fact that passwords were stored as unsalted MD5 hashes has become a topic of discussion. On August 16, 2023, a post was made on an external forum offering to sell data claimed to have been stolen from pictSQUARE (omitted). The post stated that, although passwords had been hashed with MD5, no salt had been applied, so the original strings of the 294,512 entries that used simple passwords had been recovered. (The remaining 268,172 were described as still being MD5 hashes.) Unauthorized access
JavaScript’s Backtick Strings are Likely the Wrong Tool for Your Job. I am very disappointed in how the official React documentation recommends we build URL strings to query APIs in JavaScript. I was reading about custom hooks and came across this: fetch(`/api/cities?country=${country}`).then(response => response.json()).then(json => { if (!ignore) { setCities(json); } }); This code works correct
Please note that this article is outdated (August 2022). Importantly, the article does not claim that any data logging or transmission is actively occurring. Instead, it highlights the potential technical capabilities of in-app browsers to inject JavaScript code, which could theoretically be used to monitor user interactions. Last week I published a report on the risks of mobile apps using in-app
A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible Unicode character hidden in JavaScript source code. This post inspired an idea: What if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews? Just as we were finishing up this blog post, a team at
Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub. Hours after this discovery, another commonly used npm component 'rc' was also found to ha
I’ve used Google Fonts in prototypes and in 10M+ MAU products. It’s incredibly easy to get started with and provides an amazing font discovery. That’s also why it’s currently still used on over 42M websites! This convenience has its price: Performance. Many have already pointed out the cost of multiple requests. If you want the remaining speed boost, then you’re best off downloading your used Goog
Don't Copy Paste Into A Shell. When you see a shell command on the Internet, do not copy it into your terminal. Modern JavaScript Clipboard APIs allow a website to trivially overwrite what you put inside your clipboard, without the user's confirmation or permission. Here is an example of how easy it is to perform this attack. Imagine that the red text below is a shell command you want to use. Below