Ask HN: What's the hardest thing to secure in a web-app?

fulafel6y ago· 2 in thread

Robust confidentiality against traffic analysis is one.

Can you explain what you mean by "confidentiality against traffic analysis"?

TA is a tern of art in crypto. It means you can deduce what the parties are communicating and who they are by statistically analysing the sizes, timings and addresses of messages. In practice - it's easy for an eavesdropper to see you are using Gmail, and also possible to deduce whether your email content matches some known messages the eavesdropper possibly has seen before. Etc. One widely known tech that tries to mitigate TA is Tor.

codegladiator6y ago· 2 in thread

Do you mean like credit card number ?

juansgaitanOP6y ago

Could be. What do we need to ensure credit card number security for example?

cableshaft6y ago

Don't ask for one is by far the best way.

If you absolutely need to do credit card payments, then consider using a third party system to handle it (like Stripe).

westurner6y ago

"OWASP Top 10 Most Critical Web Application Security Risks" https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...

> A1:2017-Injection, A2:2017-Broken Authentication, A3:2017-Sensitive Data Exposure, A4:2017-XML External Entities (XXE), A5:2017-Broken Access Control, A6:2017-Security Misconfiguration, A7:2017-Cross-Site Scripting (XSS), A8:2017-Insecure Deserialization, A9:2017-Using Components with Known Vulnerabilities, A10:2017-Insufficient Logging&Monitoring

"OWASP Top 10 compared to SANS CWE 25" https://www.templarbit.com/blog/2018/02/08/owasp-top-10-vs-s...

Ask HN: What's the hardest thing to secure in a web-app?

Ask HN: What's the hardest thing to secure in a web-app?

7 comments

7 comments