kernicPanel
JavaScript, Node Js, Git, Vim, and more…
Curated by Nicolas Clerc
Scooped by Nicolas Clerc

Exploit Exercises

Nicolas Clerc's insight:

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.


Storing Passwords Securely

Why "SHA 256-bits enterprise-grade password encryption" is only slightly better than storing passwords in plain text, and better ways to do it.

Node.JS SSL Certificate Chain

I’ve just discovered that one of our servers is not serving up its SSL certificate chain correctly. This is fine for modern web browsers who trust the COMODO certificate, but for older browsers/operating systems you need to support higher up the trust chain.

Rescooped by Nicolas Clerc from Nodejs-code

Password Authentication with Mongoose and bcrypt

This post is Part 1 of a series on implementing username/password authentication for your Mongoose user models. In this first installment, we will discuss how to implement one-way encryption of user passwords with bcrypt, and how to subsequently use the encrypted password for login verification.

Via nodejs-code
Göran Svensson's curator insight, September 17, 2013 10:03 PM

Great post! I would probably implement it with pbkdf2 and use https://github.com/ElmerZhang/ezcrypto based on Crypto JS.


fusker - Security that fights back

fusker - Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io...
Rescooped by Nicolas Clerc from nodeJS and Web APIs

Authentication: Don't be Clever

HTTP API authentication has evolved through many forms over the years. As so-called RESTful APIs gained popularity, a variety of methods sprung up: key passing, plain-old HTTP Basic Auth, OAuth 1.0...

Via Srdjan Strbanovic

Password Authentication with Mongoose (Part 2): Account Locking

This post is Part 2 (of 2) on implementing secure username/password authentication for your Mongoose User models. In Part 1 we implemented one-way password encryption and verification using bcrypt. Here in Part 2 we'll discuss how to prevent brute-force attacks by enforcing a maximum number of failed login attempts.


Two Factor SSH on Joyent SmartMachines

After reading this scary blog entry about domain hijacking I’ve been a bit concerned about brute forcing of credentials and have been turning on the two-factor authentication facilities that folks like Google provide for my gmail and personal domains.

I’ve just found out about Duo Security, a service that allows you to add two-factor authentication to your SSH server, Juniper VPN and even WordPress blogs. Their service is free for up to 10 users and they start charging when you pass that threshold.


Getting Cirrius: Securing Node.js and Express with SSL Client-Authentication

♥ Getting Cirrius: Securing Node.js and Express with SSL Client-Authentication - http://t.co/Fr79Sj6m http://t.co/Iz1LiReE...