Buka Corner

Sign in Subscribe

Security

Understanding the Role of jti in JWT and Why It Matters

Understanding the Role of jti in JWT and Why It Matters

When working with JWT (JSON Web Token) for authentication and authorization, most developers focus on common claims like sub (subject), exp (expiration), or iss (issuer). However, there is one claim that often gets overlooked but plays a critical role in security and token management: the jti (JWT ID). In this

Unlocking Digital Security: A Developer’s Guide to Generating RSA and EC Key Pairs with OpenSSL

Unlocking Digital Security: A Developer’s Guide to Generating RSA and EC Key Pairs with OpenSSL

In today’s security-first development landscape, generating cryptographic key pairs is more than just a technical necessity—it’s a critical component of building secure systems. Whether you’re working with HTTPS, JWT, SSH, or mutual TLS, understanding how to generate RSA and Elliptic Curve (EC) key pairs using OpenSSL

The Power of a Single Line: Securing Your Website with RedirectMatch 404 /\.git

The Power of a Single Line: Securing Your Website with RedirectMatch 404 /\.git

In the world of web development and server administration, security is never optional. One small misconfiguration could expose sensitive data, especially when using popular version control systems like Git. One such vulnerability is accidentally exposing the .git directory on your public-facing server. Fortunately, there's a simple yet powerful

Silent Threat: The Dangers of User Account Enumeration in Login and Password Recovery

Silent Threat: The Dangers of User Account Enumeration in Login and Password Recovery

In the world of cybersecurity, not all threats come from obvious breaches or exposed credentials. Sometimes, seemingly harmless user feedback can give attackers exactly what they need. One such vulnerability is user account enumeration—a silent but powerful attack vector that many systems still expose today, especially during login or

The Silent Invaders: How OSS Packages Bring Risk Into Your Codebase

The Silent Invaders: How OSS Packages Bring Risk Into Your Codebase

When we think about software vulnerabilities, our minds often jump to flaws in our own code—bugs, logic errors, or poor security practices. But in reality, the majority of security vulnerabilities in modern software projects don’t come from your code. They come from the vast web of open-source packages

Understanding sha256sum: The Simple Yet Powerful File Integrity Checker

Understanding sha256sum: The Simple Yet Powerful File Integrity Checker

If you've ever downloaded a file from a software website and seen a long string of letters and numbers labeled "SHA-256 checksum", you might have wondered: What is this for, and how do I use it? Enter the sha256sum command—a small but mighty tool available

HTTP Basic Authentication: Still Useful or a Risky Relic?

HTTP Basic Authentication: Still Useful or a Risky Relic?

When it comes to securing web applications, HTTP Basic Authentication often stirs up strong opinions. Some call it a dangerous antique from the early days of the internet, while others see it as a fast, pragmatic tool for quick setups. As with many things in tech, the truth lies somewhere