January 9, 2021

How to Use Sessions Correctly for Persistent Login?

Charles Miller’s article, “Persistent Login Cookie Best Practice,”[1] describes a relatively secure approach to implementing the familiar “Remember Me” option for web sites. In this article, I propose an improvement that retains all the benefits of that approach but also makes it possible to detect when a persistent login cookie has been stolen and used by an attacker. Review: To summarize Miller’s design: When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard session management cookie.[2] The login cookie contains the user’s username and a random number (the “token” from here […]
January 4, 2021

How To Use Web Cookies Securely?

Cookies are one of the most important elements in web applications, but unfortunately, many developers use them very loosely, increasing the security risks to the website. In this article I will explain the importance of HTTP cookies and the best practices for using them securely in web applications. Let's get started 🙂 What is a Cookie? Cookies are text files with small pieces of data that are used to identify your computer as you use a computer network. Specific cookies known as HTTP cookies are used to identify specific users and improve your web browsing experience. Cookies are simple mechanisms to make HTTP […]
January 3, 2021

9 Best Steps to Secure Your Server

Hey friends, do you want to launch your own production cloud server but don’t have the budget to hire a dedicated security professional to secure it? Worry no more. In this article I will show you how to secure your Ubuntu server for production use in a few simple steps. Although these steps were performed on Ubuntu 20.04.1 LTS with root privileges, they should work on any Linux distro with minor changes. Keep Your Server Updated An extremely crucial part of hardening any server or system is to ensure that it is always kept up to date. Keeping your server updated means […]
October 28, 2020

Authentication & Authorization: Do You Really Know?

In this article, we will look at a few important basic concepts of authentication and authorization that will help us build better authentication solutions for our applications in the future. Important Terms/Concepts Identity Identity refers to the data that defines who or what is accessing the application or system. Identity applies to users, devices, services and applications. It is a collection of data attributes that includes, but is not limited to, username, email address, first name, last name, application id, client id, API key, etc. It is generally managed by a store such as a SQL database or Active Directory. The server which is […]
June 27, 2020

How to Install a LAMP Stack Using Docker

Docker can be used to install a LAMP stack on any platform in just a few simple steps. Docker is easy to install and manage, and it gives you full control over the configuration of your environment. Docker also ensures that your application runs the same after deployment across platforms. Check whether Docker is installed The first step is to check whether Docker is installed on your computer. If it is not, install it before moving to the next step. Docker comes in many flavors and it can be installed on any platform be […]