44 votes
Accepted

Security considerations of x86 vs x64

EDIT: To be clear, this answer addresses the question of "Is it more secure to compile my app for 32-bit x86 vs x86-64?", and does not address the question of which hardware is more secure. ...
CBHacking
  • 52.2k
15 votes
Accepted

Does insert only db access offer any additional security

The short answer is "Yes", it does offer some additional security as you make it more difficult for an attacker to gain the information these outside users are entering. The long answer is that a ...
calloc_org
11 votes
Accepted

CSRF in microservice architecture

TL;DR: handle CSRF in the same place (gateway or a service behind it) where you handle authentication. Or don't use cookies for authentication tokens. Long version In a stateless design most common ...
Marko Vodopija
7 votes

Does insert only db access offer any additional security

Absolutely! However, the terminology would be an insert-only user. You would still use the same DB. Most database servers have a concept of access control internally, which is independent of the OS ...
700 Software
7 votes
Accepted

Ideal system architecture for sensitive data access through DMZ

we have agreed that DMZ shouldn't be connecting to the DB directly. Agreed. You state that your database is sensitive, so you should do what you can to protect it. Your concern seems to be with your ...
Zac67
  • 506
5 votes

Is authentication + authorization a good idea at gateway level when using microservices?

How are your microservices locked down? If an attacker is internal or finds a weakness somewhere else within your organization and attacks your microservices, are they completely segregated so only ...
McMatty
  • 3,270
5 votes

In general terms does the use of ARM architecture pose any security benefits or risks over other architectures such as x86 and x64?

If Spectre and Meltdown have proven one thing, then this: the entire industry has an extremely cavalier attitude towards piling ever more complex optimizations with ever more complex interactions on ...
Jörg W Mittag
4 votes

In general terms does the use of ARM architecture pose any security benefits or risks over other architectures such as x86 and x64?

While there's no clear security benefit or cost from CISC vs. RISC, it may in practice be slightly harder to achieve return-oriented programming (ROP) chains for arbitrary execution on ARM. ROP ...
CBHacking
  • 52.2k
3 votes

Is authentication + authorization a good idea at gateway level when using microservices?

It is not necessarily a bad idea but I believe it is a little bit over complicated. From the information you have given us, I do not understand the need for the gateway at all. First off, I will ...
dFrancisco
  • 2,751
3 votes

2 vs 3 tier network architecture

The way you are thinking about the problem is running you into trouble. It is not the DMZ or the tiers that improve security; it's the separation of the access and the data. A DMZ is one way to ...
schroeder
  • 132k
3 votes

How can an old hardware lead to a security failure?

"Lack of processing power" is not a security hole. There are things like e.g. DDOS: sending more requests to a system (webserver etc.) than it can handle, leading to normal users getting their ...
deviantfan
  • 3,874
3 votes

CSRF in microservice architecture

CSRF is only an issue with browsers (and apps embedding a browser like a Web view in a mobile app), so there's no need to implement protection for machine to machine communication, as those use an ...
André Borie
  • 12.9k
3 votes
Accepted

Do I need OAuth to pass an API key of a service (now it is passed via copy-paste)?

You need to consider several factors here. I hope your API key does have an expiration time? Even if it does, it is vulnerable to a replay attack if an adversary gets hold of your HTTPS request. As a ...
user3496510
  • 1,317
3 votes

What are the new risks of using hyperconvergent systems?

I disagree with @JulianKnight's comment; there is a different set of risks introduced by the new converged infrastructure. Last time we had converged infrastructure the network aspect of computing was ...
grochmal
  • 5,897
3 votes
Accepted

Vulnerability in which part of the Android architecture would allow an attacker to take control of the hardware

Specifically, is it the Linux Kernel, the Android OS, or the DVM? All of this. And also the firmware. Bugs in the virtual machine would allow the attacker to change what an application is supposed to ...
Steffen Ullrich
3 votes
Accepted

End To End Encryption Model

First thing: this is not E2E. The server holds the private key for resource groups, so it can decrypt/log/change anything. A developer or database administrator is in position to compromise all data. ...
ThoriumBR
  • 55.5k
3 votes

Ideal system architecture for sensitive data access through DMZ

As per my view, the variant B is by far the better one. "After discussing with my team, we have agreed that DMZ shouldn't be connecting to the DB directly." Basically, I have the same ...
oleg_zh
  • 347
2 votes
Accepted

Msfvenom meterpreter android architectures

The ART runtime/architecture was introduced in Android 4.4. It completely replaced the Dalvik runtime in Android 5.0. So maybe you should use this knowledge to help you decide which architecture ...
Adam Lindsay
2 votes

Self signed SSL certificate in multiple devices - Is this secure enough?

If you have control over both the client and the server, you can use self-signed certificates securely. The best way to do this is to create a private self-signed root CA, and use that to sign the ...
Sjoerd
  • 34.4k
2 votes
Accepted

Active directory based permissions SID, username or email?

Your question is a bit unclear, but it sounds like you want to grant permissions in your app using AD properties associated with an account the user authenticates with. If that's correct, you should ...
PwdRsch
  • 8,466
2 votes

How does a smart card work?

A smart card is indeed a complete system on a chip including a microprocessor. Depending on the card, it may have on-die encryption algorithms, storage (up to 144kB or more), a directory-based ...
John Deters
  • 34.7k
2 votes
Accepted

Multi Factor and order of authentication

The reason to prompt for the password factor first instead of the second factor tends to be either to prevent harassment of the user or to reduce costs associated with usage of the 2FA service. For ...
PwdRsch
  • 8,466
2 votes

a chain of 3 federated IdPs

I've seen a similar pattern implemented - where a number of "originating" IAM solutions, which were where users "lived", were mapped to an external supplier (in this case, a Salesforce based app), by ...
JJarava
  • 232
2 votes
Accepted

Exploiting a service on 32bit OS on a 64bit processor with ShellCode

The specifics may depend on exactly which architecture pair you are referring to (e.g. amd64 vs x86 or ARM64 vs ARM) and which OS you are referring to. But generally, while the underlying hardware may ...
multithr3at3d
2 votes
Accepted

Is it acceptable to have SPA + API from security point of view?

It depends on the security features you have planned to implement in the proxy layer. From your description it sounds like a more or less transparent facade pattern, which wouldn't add too much in ...
Demento
  • 7,545
1 vote

2 vs 3 tier network architecture

My understanding of the OP: 2-tier = logic running in web browser is light/UI, web server deals with presentation and business logic, second tier is a DB or data store. Could be a PHP performing CRUD ...
00545LS
  • 83
1 vote
Accepted

2 vs 3 tier network architecture

In a nutshell the main capability that adding the app tier provides from a security perspective is more precise control over the access to the data. There are many different ways this can be ...
JimmyJames
  • 3,099
1 vote

Separation of devices for VPN / Firewall

Not really a useful idea to keep them separate. Splitting FW and VPN rarely actually helps. The only possible scenario when this would be good for something would be a successful DoS attack that ...
Overmind
  • 8,939
1 vote

what are steps to do in order to secure my appli web

I would strongly recommend you enumerate the critical assets of your web applications first. For example, consider the following: Does your web application process, transmit or store critical data? (...
franpen
  • 153

Only top scored, non community-wiki answers of a minimum length are eligible