-
Subscribe
Subscribed
Already have a WordPress.com account? Log in now.
A deep look at the numbers It has been over three years now since ownCloud decided in 2012 to issue security advisories for each vulnerability at owncloud.org/security/ following industry best practice. We take this very seriously and create advisories even for very minor issues. What I have noticed is that people aren’t certain how to take this…
In my coworking space we are using ownCloud calendar to keep track of the availability of our conference room which we are also renting. However, we want also to be able to show publicly the room availability without disclosing personal information to the public. Even more limiting, since we use Jimdo to host our website we can’t execute any server-side code.…
Besides a lot of the performance work that was lately done as well as the stability and architectural improvements we work on, we are also striving to make ownCloud even more secure by improving our API as well as introducing new hardening features. In this blog post I am going to feature some of these changes. Those include: Please…
The recent DOM-based Cross-Site-Script vulnerability in WordPress has made me wonder how this could have happened in days where automated static code scanners are even integrated in standard tools such as Burp Suite (the leading toolkit for web application security testing). In this blog post I go a little bit into details about the vulnerability and what can be…
New developers to ownCloud sometimes wonder why JavaScript code embedded in HTML templates is not executed in most browsers. The answer behind this lies in the Content-Security-Policy (CSP), a very powerful and interesting web security feature. While ownCloud uses CSP since version 5.0.0, which was released in March 2013 and was thus one of the…
Lukas' Random Thoughts 