Buka Corner

Sign in Subscribe

Security

The Origins and Rise of JSON Web Tokens (JWT): How a Simple Idea Became a Global Standard

The Origins and Rise of JSON Web Tokens (JWT): How a Simple Idea Became a Global Standard

When we talk about modern web authentication today, JSON Web Token (JWT) stands as one of the most recognized standards across web, mobile, and cloud platforms. But few developers stop to ask: Who actually proposed JWT? And how did it so rapidly dominate the authentication landscape? This article traces JWT’

Understanding the Role of jti in JWT and Why It Matters

Understanding the Role of jti in JWT and Why It Matters

When working with JWT (JSON Web Token) for authentication and authorization, most developers focus on common claims like sub (subject), exp (expiration), or iss (issuer). However, there is one claim that often gets overlooked but plays a critical role in security and token management: the jti (JWT ID). In this

Unlocking Digital Security: A Developer’s Guide to Generating RSA and EC Key Pairs with OpenSSL

Unlocking Digital Security: A Developer’s Guide to Generating RSA and EC Key Pairs with OpenSSL

In today’s security-first development landscape, generating cryptographic key pairs is more than just a technical necessity—it’s a critical component of building secure systems. Whether you’re working with HTTPS, JWT, SSH, or mutual TLS, understanding how to generate RSA and Elliptic Curve (EC) key pairs using OpenSSL

The Power of a Single Line: Securing Your Website with RedirectMatch 404 /\.git

The Power of a Single Line: Securing Your Website with RedirectMatch 404 /\.git

In the world of web development and server administration, security is never optional. One small misconfiguration could expose sensitive data, especially when using popular version control systems like Git. One such vulnerability is accidentally exposing the .git directory on your public-facing server. Fortunately, there's a simple yet powerful

Silent Threat: The Dangers of User Account Enumeration in Login and Password Recovery

Silent Threat: The Dangers of User Account Enumeration in Login and Password Recovery

In the world of cybersecurity, not all threats come from obvious breaches or exposed credentials. Sometimes, seemingly harmless user feedback can give attackers exactly what they need. One such vulnerability is user account enumeration—a silent but powerful attack vector that many systems still expose today, especially during login or

The Silent Invaders: How OSS Packages Bring Risk Into Your Codebase

The Silent Invaders: How OSS Packages Bring Risk Into Your Codebase

When we think about software vulnerabilities, our minds often jump to flaws in our own code—bugs, logic errors, or poor security practices. But in reality, the majority of security vulnerabilities in modern software projects don’t come from your code. They come from the vast web of open-source packages

Understanding sha256sum: The Simple Yet Powerful File Integrity Checker

Understanding sha256sum: The Simple Yet Powerful File Integrity Checker

If you've ever downloaded a file from a software website and seen a long string of letters and numbers labeled "SHA-256 checksum", you might have wondered: What is this for, and how do I use it? Enter the sha256sum command—a small but mighty tool available