Customized Remote Work Solutions From the World’s Largest Fully Remote CompanyCustomized Remote Work SolutionsLearn More

System Security

Showing 1-9 of 9 results
EngineeringIcon ChevronBack-end

Keep It Encrypted, Keep It Safe: Working with ESNI, DoH, and DoT

by Brian Wojtczak

Internet privacy's cutting-edge technology includes encrypted server name indication (ESNI) and encrypted DNS in the form of DNS over HTTPS (DoH). Find out what they are, why they exist, and how they work.

11 minute readContinue Reading
EngineeringIcon ChevronBack-end

Performance and Efficiency: Working with HTTP/3

by Brian Wojtczak

HTTP/3 is on the horizon, but many aren't even familiar with HTTP/2 yet. Find out what HTTP/3 means for web development, administration, and the internet.

15 minute readContinue Reading
EngineeringIcon ChevronBack-end

Changelog: The OWASP Top 10 Project

by Hrvoje Gazibara

The de facto standard for web application security is the Open Web Application Security Project’s Top 10 Project. It lists the ten most prevalent security threats based on an extensive amount of data and community feedback and was updated in late 2017. In this article, Toptal Freelance Full-stack and System Security Developer Hrvoje Gazibara discusses the changes to the OWASP Top 10’s most recent revision by illustrating new vulnerabilities, and even some that were removed.

18 minute readContinue Reading
EngineeringIcon ChevronWeb front-end

Getting the Most Out of Your PHP Log Files: A Practical Guide

by Ilya Sanosian

Log files may very well be one of the most underestimated and underutilized tools at a developer's disposal. Beyond their value for debugging, with a bit of creativity and forethought, logs files can be leveraged to serve as a valuable source of usage information and analytics. In this article, In this article, Toptal engineer Ilya Sanosyan provides a practical guide to maximizing the value we get from our logs.

15 minute readContinue Reading
EngineeringIcon ChevronWeb front-end

JSON Web Token Tutorial: An Example in Laravel and AngularJS

by Tino Tkalec

Authentication is one of the most important parts of any web application. For decades, cookies and server-based authentication was the easiest solution. However, handling authentication in modern Mobile and Single Page Applications can be tricky and demand a better approach. One of the best known solutions to authentication problems for APIs is the JSON Web Token (JWT).

16 minute readContinue Reading
EngineeringIcon ChevronTechnology

Separation Anxiety: A Tutorial for Isolating Your System with Linux Namespaces

by Mahmud Ridwan

Linux namespaces make it possible to run a whole range of applications on a single real machine and ensure no two of them can interfere with each other, without having to resort to using virtual machines. In a single-user computer, a single system environment may be fine. But on a server, where you may want to run multiple services, it is essential to security and stability that the services are as isolated from each other as possible.

12 minute readContinue Reading
EngineeringIcon ChevronBack-end

10 Most Common Web Security Vulnerabilities

by Gergely Kalman

For all too many companies, it's not until after a breach has occurred that security becomes a priority. An effective approach to IT security must, by definition, be proactive and defensive. This post focuses on 10 common and significant web-related IT security pitfalls to be aware of, including recommendations on how they can be avoided.

12 minute readContinue Reading
EngineeringIcon ChevronData Science and Databases

Fixing the “Heartbleed” OpenSSL Bug: A Tutorial for Sys Admins

by Gergely Kalman

A potentially critical problem, nicknamed "Heartbleed", has surfaced in the widely-used OpenSSL cryptographic library. The vulnerability is particularly dangerous in that potentially critical data can be leaked and the attack leaves no trace. As a user, chances are that sites you frequent regularly are affected and your data may have been compromised. As a developer or sys admin, sites or servers you're responsible for are likely to have been affected. Here are the key facts you need to know about this dangerous bug and how to mitigate your vulnerability.

< 5 minute readContinue Reading
EngineeringIcon ChevronData Science and Databases

With a Filter Bypass and Some Hexadecimal, Hacked Credit Card Numbers Are Still, Still Google-able

by Gergely Kalman

In 2007, Bennett Haselton revealed a minor hack with major implications: querying ranges of numbers on Google would return pages of sensitive information, including Credit Card numbers, Social Security numbers, and more. While Haselton's hack was addressed and patched, I was able to tweak his original technique to bypass Google's filter and return the same old dangerous results.

6 minute readContinue Reading

Join the Toptal® community.