Tag

Replay Attack

2 views collected around this technical thread.

Top Architect
Apr 17, 2025 · Information Security

Designing Secure Third‑Party API Authentication with AK/SK, Signatures and Replay‑Attack Prevention

This article presents a comprehensive design for securing third‑party APIs by using Access Key/Secret Key pairs, timestamp and nonce validation, signature generation, token handling, HTTPS, rate limiting, logging, idempotency, versioning, standardized response formats and practical Java code examples to prevent tampering and replay attacks.

API security · Authentication · Replay Attack
0 likes · 32 min read

Architect
Oct 2, 2024 · Information Security

Preventing API Parameter Tampering and Replay Attacks with Signature Verification in Java

The article explains how exposed API endpoints can be intercepted and altered, and presents practical security measures—including HTTPS, encrypted parameters, timestamp‑based signatures, and a Spring Boot filter implementation—to detect and block tampering and replay attacks in a Java backend.

API security · Java · Parameter encryption
0 likes · 8 min read

Laravel Tech Community
May 16, 2022 · Information Security

Preventing Replay Attacks with Timestamps and Nonces in PHP

The article explains replay attacks, describes how using a timestamp, a nonce, or a combination of both can protect API requests, and provides complete PHP code examples for signing and verifying requests to ensure each call is accepted only once.

PHP · Replay Attack · information security
0 likes · 7 min read

Code Ape Tech Column
Jan 29, 2021 · Information Security

Preventing API Parameter Tampering and Replay Attacks Using Timestamp and Nonce

This article explains how timestamp and nonce mechanisms can be combined to protect API endpoints from parameter tampering and replay attacks, illustrating the approach with a Java Spring interceptor that stores nonces in Redis and validates signatures on each request.

API security · Java · Redis
0 likes · 8 min read

Sohu Tech Products
Jan 20, 2021 · Information Security

Securing Frontend‑Integrated APIs with Token, Timestamp, and Signature Validation in Spring

This article explains how to protect API endpoints that interact with front‑end applications by using token‑based authentication, timestamp checks, and MD5 signatures, detailing the implementation of open and secured controllers, login logic, signature verification, replay‑attack mitigation, and a Spring interceptor.

API security · Interceptor · Replay Attack
0 likes · 9 min read

Java Architect Essentials
Nov 25, 2020 · Information Security

API Interface Security: AccessKey/SecretKey, Token/AppKey, Signature Generation and Replay‑Attack Prevention

The article explains how to secure API interfaces by using AccessKey/SecretKey or Token/AppKey for identity verification, generating request signatures to prevent parameter tampering, and applying timestamp‑nonce mechanisms to defend against replay attacks, while providing concrete implementation examples in code.

API security · AccessKey · Authentication
0 likes · 8 min read

Architect
Oct 1, 2020 · Information Security

API Authentication and Request Signing with AccessKey/SecretKey, Token, and AppKey

The article explains how to secure API interfaces by using AccessKey/SecretKey, token, and AppKey for identity verification, parameter signing, and replay‑attack prevention through timestamp‑nonce mechanisms, and provides step‑by‑step client and server implementation examples.

API security · AccessKey · Authentication
0 likes · 7 min read

AntTech
Mar 10, 2020 · Information Security

Case Analysis of a Mobile Banking App Attack and Client‑Side Security Strategies

The article examines a 2019 bank app breach where a young hacker used packet capture, fake ID and replay attacks to create fraudulent accounts, then discusses comprehensive client‑side security measures—including Alipay's multi‑layer protection, AI‑driven verification, and mPaaS lifecycle hardening—to safeguard mobile applications.

Alipay · Mobile Security · Replay Attack
0 likes · 6 min read

Baidu Intelligent Testing
Jun 28, 2016 · Information Security

Business Security Testing: Concepts, Techniques, and Practical Tools

This article introduces business security testing, explaining its background, overall workflow, and detailed techniques such as network request interception with tools like TamperIE, Chrome DevTools, and tcpdump, as well as cookie manipulation, backend authentication forging, and replay attacks on GET and POST interfaces.

Replay Attack · Security Testing · business security
0 likes · 12 min read