Discover and read the best of Twitter Threads about #http

Most recent (13)

[1/9] Strong post on the topic of the @FlareNetworks #API portal! 💪

The interface par excellence for obtaining, e.g. via #HTTP #GET (+#POST) requests, the states (#States) of the queried #Blockchains (+#DLTs)

My practical example for the future: a 🧵
[2/9] For everyone who missed my summary of the #FlareNetworks x #GoogleCloudTech (#GCP) partnership, here is the deep dive:

[3/9] For a portfolio of assets (#Cash, #RealEstate, #Stocks, #PreciousMetals and #Crypto) I currently maintain a homemade Excel sheet that delivers updated figures to me via API, on demand 💪 Types of Investments: Stock...
Read 10 tweets
HTTP Status codes you should know about.

Thread 🧵👇
There are 5 categories used to group the HTTP responses:

1. Informational responses (100–199)

2. Successful responses (200–299)

3. Redirection messages (300–399)

4. Client error responses (400–499)

5. Server error responses (500–599)
200 - OK

The HTTP response status code 200 is the standard response for successful HTTP requests.

The server responded with "OK" to indicate that the request was successful.
Read 16 tweets
Another new idea for #PenetrationTesting and #Bug-hunting:

Tester:
Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on?
To the contrary, changing the #payload allowed me to transform it into a reflected #XSS #vulnerability. Is this the final question?
Obviously not if I have any hope of carrying on.
This web app used #JWT tokens that were transmitted in the bearer header, and for some reason, there were three more cookies that also contained this token.
Only two of them were secure with #HTTP Only.
Just a wild guess.
Read 5 tweets
#Learn365 - Day 5⃣

CORS Headers. 🤔

What are they? And how do they bypass SOP?

Learn about them in this thread 🧵👇

#infosec #bugbountytips #CORS #http
In the last thread, we talked about SOP. While SOP blocks the response, CORS is used to bypass SOP in the most sensible way.

CORS is Cross Origin Resource Sharing.

It makes sharing responses across different origins possible. Can we call it bypassing SOP?

Yes.
Let's say,

Domain A wants to talk to Domain B to get some information.

A
Read 7 tweets
#Learn365 - Day 4⃣

SOP 🫧, Same Origin Policy.
A browser security framework that every #hacker should know.

Know what it is in this thread 🧵👇

#infosec #security #appsec #cybersecurity #SOP #http
SOP is a browser security model, and I find a lot of folks out there who still don't understand it in and out.
Let me cover it here, in a few threads.

Let's Start.
It is a browser security model 🔥. Now what does that mean?
It simply means this control is enforced by the browser to make a user visiting a site more secure from attackers.

The browser creates virtual boundaries to segregate sites, and this boundary is identified with ORIGINS.
Read 9 tweets
So I’ve been writing a weekly 1000 odd word newsletter on #Web3 since the start of the year. I’ve been meaning to see how one of them looks summarised as a tweet 🧵. Please ❤️ + RT. Here goes… 👇👇👇
1/ TLDR; if you do want to move away from #Ethereum or one of its layer 2 networks, make sure you pick an alternative that is #EVM compatible.
2/ In earlier years enterprises would spin up their own permissioned #blockchain network using technologies such as @ConsenSysQuorum or @Cordablockchain. However, the creation of these networks moves slowly as far as onboarding participants is concerned.
Read 17 tweets
@auteur_Remo @pietgoestweet @ArmandVervaeck I respect your opinion, but maybe we should also look at #Bitcoin from a different, more technical angle. #Emotions always run high in times of a #dump or #flashcrash like yesterday. Let me take you back to the beginning of the 80s. 1/7
@auteur_Remo @pietgoestweet @ArmandVervaeck In the early 80s #SMTP came into being, the worldwide protocol for sending e-mails. Everyone still uses that protocol today. You just don't see it. It is baked into your mail application. Meanwhile, numerous mail clients have been developed on this #baselayer. 2/7
@auteur_Remo @pietgoestweet @ArmandVervaeck Fast forward to the late 90s, the emergence of the #HTTP protocol or the #baselayer of the #Internet and numerous other local networks. We use Facebook, Instagram, websites, web applications, you name it, every day. All based on ... the #HTTP protocol. 3/7
Read 7 tweets
Why the internet is not only 500% too slow but also in a crisis: Follow this thread to read about it in just 5 Steps.

(based on @Sentivate's Universal Web project and the idea of @tommarchi and his team.)
1. The Internet is structured by different layers: Physical Network (underground cables), Data-Link (WiFi/LAN) and Network Layer (IP addresses). You can picture this as the infrastructure of the internet.
2. Problem: We have too much traffic. More and more devices are trying to drive on the metaphorical streets (Computer, Smartphones, your refrigerator, #IoT's etc.), but if the streets are full of cars, it will cause traffic jams aka a #Bandwidthcrisis.
Read 12 tweets
(1/of a few) Doing some training #threathunting runs with #suricata - with pcap from bit.ly/3jNUCyw
Fun fact: Alerts count only for 8% of the total logs produced - we also have protocol logs like Flow records, KRB5, SMB, DNS, TLS, HTTP, DCERPC, Fileinfo
(2/of a few)
Just as regular protocol and flow logging of #Suricata gives us:

633 FLOW logs
295 HTTP logs
182 TLS logs
130 DNS logs
114 SMB logs
90 DCERPC logs
66 FILEINFO logs
23 KRB5 logs
2 NTP logs

Let's see some examples of the generated data...
(3/of a few)
Quick and dirty cmd look at the DNS logs generated by #Suricata gives us the domain list for our #threathunting review
Couple of those jump out (at least to me)
Read 17 tweets
Even though I haven't been a big fan of Twitter threads so far, a lot of people I know have made 100-tweet threads for @threadapalooza so I thought I'll give it a try as well. I will start with #APIs and hopefully end up connecting them with the #FutureOfWork. Let's go ...

🧵⬇️
First of all, when I talk about #APIs, I mean HTTP-based interfaces connecting apps and backend servers as well as different services with each other. For now, the technical details, such as whether they use REST, GraphQL, gRPC etc., shall not matter. (1/100)
When humans interact with computers they require a user interface (UI), and when machines interact with each other they need application programming interfaces (APIs). At the end of the day, however, these have to be implemented by humans. Good #APIDesign considers both. (2/100)
Read 101 tweets
From now until Christmas, I will try to share something from my notes / research every day - most of them are old but might still be useful to remember #XMas2020 #AppSec #Web #HTTP
"max-forwards" http header:
- limit the number of proxies a request can traverse.
- not hop-by-hop
- can't go in the Trailer header

Some usage example:
old: securiteam.com/securityreview…
old: counting servers (proxies) in the middle
new: portswigger.net/research/crack…
In something like JS
/*/ comment /*/
is the same as
/* comment */
, makes sense, right? But MSSQL sees it as
/* comment /*...
more interestingly, if you want to close it, you need 2 */
This is important when injections go into multiple places and newline is involved!
Read 26 tweets
Intro/1 Every year the Italian State spends €6 billion on basic research and €3 billion on applied research - in total 0.5% of GDP - which is half of what the countries of Northern Europe spend #UgoAmaldi
Intro/2 This has damaging consequences for our competitiveness, because public research is the engine of technological innovation and of the introduction of new forms of work #UgoAmaldi
Intro/3 The post-pandemic period is the right moment to close Italy's gap in public research, starting by adding €1.5 billion to the 2021 public research budget and continuing in subsequent years so as to reach 1.1% of GDP in 2026 #UgoAmaldi
Read 57 tweets
Here comes a 15-item thread about what a software developer needs to know.. I tried to gather as many keywords as possible in one place.
Let's get started!

#Developer #Software #Java #code #kod #yazılım #development #computer #bilgisayar #tool #PC #IT #web #tech #data
1- Basic data structures (linkedList, map, tree, etc.) and basic algorithms (sorting, searching, etc.)

You will most likely never need to code them from scratch. But to be able to pick the right one in the right place when the need arises, you must know how that data structure or algorithm works
2- Network Fundamentals

It is useful to know the OSI model and its 7 layers; the basic protocols (#TCP-IP, TCP-UDP, #HTTP, #FTP), security protocols (#HTTPS, #SFTP, #SSL), and monitoring protocols (#SNMP, ICMP). You also need to be familiar with the roles of network equipment and know where they sit in the 7 layers
Read 16 tweets
