I dont mean to be so offtopic but does anyone know a way to get back into an instagram account? I was stupid lost my password. I would appreciate any help you can offer me
Great question! User passwords are typically stored as hash values...not the actual password itself. A hash algorithm is run against the password and the hash value is stored and used to allow access or not. A rainbow table takes a list of common passwords and runs them through a variety of hashing algorithms and then that output (the hashes) can be used to try and gain access to the system. This is one reason to use strong, not-easily-guessed passwords! I hope this helps!
This depends on your specific web application, but sometimes people will store sensitive data even if they don't have to. The idea here is that you should keep only the data that you absolutely have to in order to do the job. If there is any data that you can discard then you should discard it...delete it (maybe a user submits an address or something but you don't need that information for your web application to work properly).
As an example, if you are building a payment processor app and you are using third party services as a Payment Gateway, directly introduce an in user's browser which will point to payment gateway where user will feed card data and your app will neither have that credit card data in transit or at rest.
It couldn't get more simple than this !!! Good Job
glad you enjoyed it!
These OWASP tutorials are fantastic. Thank you for your efforts.
glad you enjoy them!
I dont mean to be so offtopic but does anyone know a way to get back into an instagram account?
I was stupid lost my password. I would appreciate any help you can offer me
Thank you so much for the series
I'm glad you enjoy the videos!
I like the way you keep things simple while explaining very good videos Thank You !!
glad you find these videos helpful!
Wow awesome explanation,
Going to watch all the episodes
glad you enjoyed it!
Kudos on the presentation --
Glad you enjoyed it!
thanks for explaining these topics but can you also explain owasp top 10 2021?
John is working on an updated series for the OWASP Top 10 2021. Stay tuned! :-)
@@devcentral thanks for update
Thank-you all these videos are really helpful to me :)
glad you are enjoying them!
John! I'm a fan! thanks a ton for these videos!
glad you enjoy these videos!
How do you crack the encryption with rainbow table @5.04 ???
Great question! User passwords are typically stored as hash values...not the actual password itself. A hash algorithm is run against the password and the hash value is stored and used to allow access or not. A rainbow table takes a list of common passwords and runs them through a variety of hashing algorithms and then that output (the hashes) can be used to try and gain access to the system. This is one reason to use strong, not-easily-guessed passwords! I hope this helps!
Great explanation sir
Hi there, can I consider web server type or version as sensitive data? Framework used ?
Best explanation so far! Thank you so much, helped me a lot to clarify :)
glad you enjoyed it!
What about when encrypted data in the form of "IN use " and "iN Transmission" then how to detect exfiltration specially in Https
Siem or ids can help in this case I guess.
What kind of a board are u using?? writing in the front, I didn't get that...
Here's a "behind the scenes" look at how we film these lightboard lessons: devcentral.f5.com/articles/lightboard-lessons-behind-the-scenes
@@devcentral So that's how its done... Nice 👍
@@devcentral It does look like you can write backwards incredibly well! Flipping the image in post makes much more sense though! :)
Could anyone explain what are ciphers? I'm not sure I understand what he means by "strong ciphers"
This article on DevCentral should be helpful: devcentral.f5.com/articles/cipher-suite-practices-and-pitfalls-25564
Thank you!
cipher is an algorithm for encrypting and decrypting data. example modern web application use TLS 1.3 encryption method for network connection.
Thank you!!!
You're welcome!
Sooper Video - explanation
glad you enjoyed it!
very well explained... goood
glad you enjoyed it!
Thanks :)
Thank you!
glad you enjoyed it!
"If possible, don't store sensitive data", could you give me the example how it should be?
This depends on your specific web application, but sometimes people will store sensitive data even if they don't have to. The idea here is that you should keep only the data that you absolutely have to in order to do the job. If there is any data that you can discard then you should discard it...delete it (maybe a user submits an address or something but you don't need that information for your web application to work properly).
As an example, if you are building a payment processor app and you are using third party services as a Payment Gateway, directly introduce an in user's browser which will point to payment gateway where user will feed card data and your app will neither have that credit card data in transit or at rest.
Ok. This drives me nuts. Are you writing backwards? If so how???
It's literally the only thing I can think about while watching these.
Thanks for the comment! Here's how we produce these: th-cam.com/video/U7E_L4wCPTc/w-d-xo.html
@@devcentral thanks! This assuages my curiosity.
I could never write backwards like that, and he's not even Chinese! 🤔
How we do it: th-cam.com/video/U7E_L4wCPTc/w-d-xo.html