xoph @xophham - Twitter Profile

xoph @xophham

over 1 year ago

@Francis_Mull_ @PrangerInfo https://t.co/Cx257jvlx1 😉

0

2

xoph @xophham

over 1 year ago

@PrangerInfo Ohne weitere Tools: https://t.co/Cx257juNHt

1

0

7

xoph @xophham

over 2 years ago

@albinowax @LiveOverflow @albinowax I tend to agree with that differences are subtle, but will still argue that modern browser security features make meaningful CSRF harder to pull off than XSS, but that's certainly more of an interesting discussion over a few beers than an absolute truth

0

1

0

110

xoph @xophham

over 2 years ago

@LiveOverflow Besides its elegancy, using "double submit" you can even make that idea stateless (server side) https://t.co/BRHTGN7wcN

0

22

Who to follow

PhD in applied cryptography. Solving payment clearing at @0x4Mica for our cute little AI agents. Ex-CTO @3milabs.

Ana_Abdullah

@Muhamma62740200

○بِسۡمِ اللّٰہِ الرَّحۡمٰنِ الرَّحِیۡمِ○ شروع کرتا ہوں اللہ تعالٰی کے نام سے جو بڑا مہربان نہایت رحم والا ہے ۔

xoph @xophham

over 2 years ago

@LiveOverflow As mentioned in my original post, the idea is somewhat contained in certain CSRF Token concepts. You can even do a js-accessible-cookie-to-non-cookie-header move and keep both in cookie storage, as the required intermittent js requires some "local" action https://t.co/PCEzsk8mR5

1

0

28

xoph @xophham

over 2 years ago

@LiveOverflow Note: choose between session or local storage wisely 🧙‍♂️

0

777

xoph @xophham

over 2 years ago

@LiveOverflow Ultimatley, you have to choose the lesser of two evils 🤷‍♂️ For strong protection: 🍪+💾 Using secure cookies in combination with locally stored tokens, the former protects against XSS exfiltration of tokens while the latter protects against CSRF. Sort of the CSRF token pattern.

1

8

0

4

8K

xoph @xophham

over 2 years ago

@roter_pander 👋

0

9

xoph @xophham

almost 3 years ago

Searching for a hardware/IoT product to perform security assessment ⌚️🛰🎮🎰🦼🛵⛽️🛸 You will get a free security assessment in return 🆓️ For more details: https://t.co/TQynCGkrO8

0

68

xoph @xophham

almost 3 years ago

@LilithWittmann Cool, irresponsible disclosure is the new gold standard in IT security

0

749

xoph @xophham

over 3 years ago

@WebSecAcademy Let me know if I can help with more details and where to share

1

0

29

xoph @xophham

over 3 years ago

@WebSecAcademy you have a vulnerability in your labs 😜 But for real, there is an XSS in many of the labs at `GET /post/comment/confirmation?postId=">😈`. Don't consider it an issue for purposely vulnerable labs (hence the irresponsible disclosure), but it allows for cheating 🤷‍♂️

2

0

108

xoph @xophham

over 3 years ago

Examples for accidentally vulnerable labs are: https://t.co/SEqVjBWDeI https://t.co/es1rFcAvnP

0

58

xoph @xophham

over 3 years ago

@WebSecAcademy Awesome writeup 🚀 in fact just the moment when we were thinking about SSO potentially requiring SameSite lax and the implications of that for the security of the product. Perfect timing 😁

0

52

xoph @xophham

over 4 years ago

@PuDiJoglekar @developerguyba @rpkatz @PuDiJoglekar thanks for the great event! Was a lot of fun to explore Connaisseur together 😊

0

1

0

xoph @xophham

over 4 years ago

Great spirit for life in general

Arsh Sharma @RinkiyaKeDad

over 4 years ago

Hello tech twitter 👋 here's a reminder to please be kind to folks when communicating, especially in open source projects. You never know what a person in the opposite end of the world is going through and being kind doesn't hurt regardless :)

5

115

19

1

0

2

0

xoph @xophham

over 4 years ago

Super excited to be on TGIK by @VMwareTanzu and see @PuDiJoglekar play around with Connaisseur 👨‍💻 Hope many of you join and share their thoughts and ideas on Connaisseur and container signing in general!

0

3

1

0

xophham retweeted

Klima-Allianz Deutschland @klima_allianz

over 4 years ago

#Solarenergie ist inzwischen sehr günstig. Was es jetzt braucht, um beim Solarausbau in Deutschland durchzustarten, weiß Handwerksmeister Stefan Kutscher. 👇👇👇 #fuerunsalle

5

108

38

2

0

xoph @xophham

over 4 years ago

Connaisseur v2.2 is out 🚀 It contains improvements to usability and compatibility. For more details checkout the article 👇 (demo and gif included 😜) https://t.co/4pHPUrJ9R5

0

1

2

0

xophham retweeted

Clint Gibler

@clintgibler

over 4 years ago

🐳 Verify Container Signatures in #Kubernetes using Notary or Cosign Connaisseur: an admission controller to integrate container image signature verification and trust pinning into a k8s cluster v2 adds support for multiple keys and signature solutions https://t.co/yhCrDSrZgJ

clintgibler's tweet photo. 🐳 Verify Container Signatures in #Kubernetes using Notary or Cosign

Connaisseur: an admission controller to integrate container image signature verification and trust pinning into a k8s cluster

v2 adds support for multiple keys and signature solutions

https://t.co/yhCrDSrZgJ https://t.co/POENfCkBN3

0

17

8

1

0

xoph

@xophham

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users