Last week we had an outage where our API was accepting requests with invalid or missing signatures for about 90 minutes. A junior dev added a .IsValid() check but forgot to actually return early on fa
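The fail-open pattern this post describes, as an added example that is not the poster's code: a Go HTTP middleware that verifies an HMAC-SHA256 request signature. BuggyMiddleware has the validity check but no early return, so forged and unsigned requests still reach the protected handler; FixedMiddleware is the same check with the return. The shared secret, the X-Signature header name and the handler names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
)

// Constructed shared secret for this example only; a real service loads it from a secret store.
var secret = []byte("example-shared-secret")

// Sign returns the hex HMAC-SHA256 tag a legitimate client would send in X-Signature.
func Sign(body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// IsValid recomputes the tag over the body and compares it in constant time.
// A missing or malformed header is treated as invalid, never as "nothing to check".
func IsValid(body []byte, presented string) bool {
	if presented == "" {
		return false
	}
	got, err := hex.DecodeString(presented)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(got, mac.Sum(nil))
}

// upstream is the protected handler; reaching it means the request was accepted.
func upstream(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
	io.WriteString(w, "accepted")
}

// BuggyMiddleware reproduces the outage: the check runs and the failure is logged,
// but nothing stops the request, so invalid and unsigned requests fall through.
func BuggyMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		body, _ := io.ReadAll(r.Body)
		r.Body = io.NopCloser(bytes.NewReader(body))
		if !IsValid(body, r.Header.Get("X-Signature")) {
			log.Printf("invalid signature from %s", r.RemoteAddr)
			// BUG: no return here, so execution continues to next(w, r)
		}
		next(w, r)
	}
}

// FixedMiddleware is the same check with the early return: it fails closed.
func FixedMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(r.Body)
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body))
		if !IsValid(body, r.Header.Get("X-Signature")) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return // the line the outage was missing
		}
		next(w, r)
	}
}

// Status sends one POST through the given middleware and returns the response code.
// An empty sig means the client sent no X-Signature header at all.
func Status(mw func(http.HandlerFunc) http.HandlerFunc, body []byte, sig string) int {
	req := httptest.NewRequest(http.MethodPost, "/pay", bytes.NewReader(body))
	if sig != "" {
		req.Header.Set("X-Signature", sig)
	}
	rec := httptest.NewRecorder()
	mw(upstream)(rec, req)
	return rec.Code
}

func main() {
	body := []byte(`{"amount":100}`) // constructed request body
	for _, c := range []struct {
		name string
		mw   func(http.HandlerFunc) http.HandlerFunc
	}{{"buggy", BuggyMiddleware}, {"fixed", FixedMiddleware}} {
		fmt.Printf("%s: valid=%d forged=%d missing=%d\n", c.name,
			Status(c.mw, body, Sign(body)),
			Status(c.mw, body, Sign([]byte("other"))),
			Status(c.mw, body, ""))
	}
}
```

A test that sends a forged and an unsigned request through the middleware and expects 401 would have caught the bug before deploy; a test that only exercises the happy path passes against both versions.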
Priya and 1 more commented
So we had a shared API key in a single env file. Rotating it meant updating prod, staging, and three client apps. We did prod first, thought we were done, deployed a change that referenced the old key
Alex and 3 more commented
We had the classic problem: tokens in AsyncStorage are accessible to any JavaScript running in the webview. Got paranoid about it after a security audit, so we moved to a hybrid approach that's actual
Hey guys, I'm new here. I have a question: I was wondering at work how some e-wallets offer cashback on every transaction made using them while avoiding users making back-and-forth peer-to-peer transactions. For example, Mr. A pays Mr. B $100 and get...
We are looking for an experienced Information Security Officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. You will be responsible for identifying vulnera...
I have been reading about OAuth and JWT in general. One question that has been troubling me is around authentication of SPAs that use APIs to provide data. As per my understanding, the SPA shows the user a login page. The user enters credentials and hits login ...
Hey there, we're the team from Auth0 and we'll be answering your questions live on Friday 27th March at 5 PM GMT / 10 AM PST / 1 PM ET. Topics we'll cover include but are not limited to: Auth0 User Authentication, User Management, Multifactor Authenticat...
Ajay and 17 more commented