Most voted "security-guard" questions
This tag is used for security-related issues and attacks against software applications.
395 questions
- 13 votes, 2 answers, 791 views
Approve or refuse a request through HandlerInterceptorAdapter
It is known that all requests mapped with @RequestMapping are "public", in that any user can access them through the browser. The question is how to approve requests that only the system may make and…
- 13 votes, 1 answer, 153 views
Will HTTP/2 still need a security certificate, or is it already encrypted by default?
It’s a layman’s question, but I’d like some information on the subject... With HTTP we have the possibility of using an SSL-type security certificate to ensure the encryption of the data that circulates…
- 12 votes, 3 answers, 423 views
How to choose a digital certificate? What should be taken into account?
I’m working on an online store and need to know which certificate has the best cost-benefit ratio. I need to recommend a certificate to the client, but this is the first time I’ve worked with a…
- 12 votes, 2 answers, 3152 views
What is a CSRF attack and what damage can it cause?
I’ve seen some people mentioning CSRF attacks here on Stack Overflow. What I’d like to know is: What is a CSRF attack? How is it done? What damage can it cause? How can I avoid CSRF attacks?…
- 12 votes, 5 answers, 259 views
Login based on email domain
I’m thinking of a system where only users who have an email address at the domain empresa.com may register. After registration an email will be sent to validate the address. So far so good; I can easily…
- 12 votes, 2 answers, 1508 views
Choice of hash generation method in PHP
My doubt started when I decided to re-examine the method I was using to take the user’s password and store it in the database. After reading this, this and this question here on the…
- 12 votes, 2 answers, 4482 views
What are refresh tokens, access tokens and grant types?
I was researching security in REST APIs and found the terms refresh token, access token and grant type referring to how tokens work and how the client requests resources. What they are and…
- 12 votes, 2 answers, 1125 views
Should I encrypt the password before sending it to the server?
I am in doubt whether I should encrypt a password before sending it to the server, and on the server save the hash in the database, or whether I should encrypt only on the server...
- 11 votes, 3 answers, 828 views
How do I generate a hash on the client side?
I’m researching ways to create a login system with secure encryption that doesn’t weigh down the server. Taking that answer as an example, I am searching for a way to do client-side encryption,…
- 11 votes, 1 answer, 385 views
Is the C# language recommended for programs distributed online with a database?
It is very easy to get the entire code of a C# program using .NET Reflector. Would it be possible for me to give a C# program the same security as a program made in C++? I found this answer on Stack…
- 11 votes, 1 answer, 165 views
How, when and why to use "SecureString" in C#?
I once heard about the SecureString class in C# and it seemed interesting to me, so I think it’s interesting content that can yield good answers from more experienced professionals. Some questions…
- 11 votes, 1 answer, 751 views
How does a DDoS attack work?
I’m curious and trying to understand how a DDoS attack works, so I read up online and then wrote this snippet of code to attack my own router to see what happens: import socket, threading n = 0 s =…
- 10 votes, 2 answers, 7290 views
What is the importance of the integrity and crossorigin attributes?
I have been doing some research, but I still have this doubt. Currently, with some frameworks, the link and script tags come with the attributes integrity and crossorigin. E.g.: <link rel="stylesheet"…
- 10 votes, 1 answer, 237 views
What is Prototype Pollution?
I use a tool that performs security checks on the packages of my project, and it indicated that one of the packages is susceptible to Prototype Pollution. I would like to know: What exactly is…
- 9 votes, 2 answers, 3211 views
How to considerably improve the security of Apache?
I am setting up a web server using Apache. My question is the following: which modules do I use to improve security against malicious attacks and hits on the pages published on my server? I know there are…
- 9 votes, 1 answer, 402 views
Is it (still?) true that each Tor router maintains a connection with every other router? Why?
The original article describing the Tor project, in the first paragraph of section 4, says: Each onion router (onion router) maintains a TLS connection with every other onion router. The paper is…
- 9 votes, 2 answers, 1032 views
Data interception attacks
What are the known data interception attacks, of the Man-in-the-Middle type?
- 9 votes, 3 answers, 8626 views
Protect folder from direct access
The user needs to log in to access a list of documents. All documents are in the "/uploads" folder. Once you know the directory, it is easy to access it: just type in the browser…
- 9 votes, 1 answer, 1095 views
Output standard of biometric fingerprint readers
I would like to ask the following questions of someone who has worked with a biometric fingerprint reader: Are the outputs of biometric readers standard, i.e. does a reader model A of brand X follow…
- 9 votes, 1 answer, 285 views
How does the LED lightweight encryption algorithm work?
I would like to better understand the functioning of the LED algorithm step by step, mainly the process of substitution and permutation of the blocks and especially the use of the keys in each round.…
- 9 votes, 2 answers, 874 views
Is it possible to prevent injection of external resources and requests for greater security?
I understand that we can create and look up JavaScript plugins, analyze the code and make sure that it will not inject anything from outside into the page. But supposing there is some library from which…
- 9 votes, 1 answer, 150 views
What is the relationship between OOP and code security?
Is there any basis for thinking that an object-oriented programming style is safer than the structured one?
- 9 votes, 1 answer, 1639 views
What is an Access Token? What is it for?
What exactly is an Access Token? What is an Access Token for in an API application? I would like an answer addressed to Node.js, but I believe that API creation exists in several languages, so I do…
- 9 votes, 3 answers, 447 views
Prevent cookies from being viewed/obtained with JavaScript
I was reading an article and found a sentence of it curious, where the author makes a list (right in the first paragraphs of the article) of the main safety precautions that we developers should take…
- 9 votes, 2 answers, 662 views
What is a timing attack and where does it apply?
I received a somewhat interesting reply to this question: What is the possibility of finding a given string of 192 characters in 10 minutes? But I didn’t understand what the timing attack…
Tags: security-guard. Asked 7 years, 8 months ago by Renan Cavalieri (2,748)
- 9 votes, 2 answers, 742 views
Deny/hide access to files starting with a dot, like .git, .svn, .DS_Store, .yml
By default Apache denies access to files whose name begins with .ht, for example .htaccess: <Files ~ "^\.ht"> Require all denied </Files> But I notice that many files use the prefix .,…
Tags: apache, htaccess, security-guard, iis, web.config. Asked 7 years, 9 months ago by Guilherme Nascimento (98,651)
- 9 votes, 1 answer, 690 views
Why is it better to use char[] than String for passwords?
Using Swing, the getPassword() method of JPasswordField returns a character array char[] instead of returning a String like getText() (which, by the way, is deprecated). I should not use String…
- 9 votes, 1 answer, 597 views
How to calculate Shannon entropy based on an HTTP header
Shannon’s entropy is given by the formula: Where Ti will be the data extracted from my network dump (dump.pcap). The end of an HTTP header on a normal connection is marked by \r\n\r\n: Example of an…
- 9 votes, 2 answers, 551 views
".read" Firebase security rules
I created the following security structure in Realtime Database: { "rules": { "receita": { "$chave": { ".write": "auth.uid === newData.child('usuario').val()", ".read": "auth.uid ===…
- 8 votes, 1 answer, 350 views
How to use salts and hashes with PHP?
So, folks, I have to build a user registration and login system, but I wanted to increase the security of this system using salts in passwords. Could someone show me a simple example…
- 8 votes, 1 answer, 1324 views
What do the security modules commonly used on bank websites do?
Most banks offer some kind of security module that acts on the client side for access to internet banking sites. They are usually made in Java and are usually quite annoying to install. What exactly…
- 8 votes, 2 answers, 217 views
Risk in allowing developers to upload .blade files
I’m developing a blog platform where users submit their template and Laravel uses this template to build the blog. The user/developer will only indicate where the values will go, for example:…
- 8 votes, 2 answers, 1213 views
What are the advantages and disadvantages of storing session variables in the database?
As of Rails 4.0, the ActiveRecord Session Store, which kept session variables in the database, was removed for "performance reasons." But the functionality continues to work through a gem. Today…
- 8 votes, 2 answers, 571 views
How to transmit data securely?
I’m developing two embedded systems, a supervisor and an agent. The supervisor is a board capable of making connections to the Internet through GPRS. It receives requests from a user through a web…
- 8 votes, 0 answers, 581 views
How does the RSA encryption algorithm work?
I wanted to understand how the RSA algorithm works, step by step, for a better understanding and so that I can use it properly.
- 8 votes, 1 answer, 299 views
Do prepared statements with MySQLi not require validation of input data?
I was studying security in PHP & MySQLi, and I was left with a question: if I am using prepared statements, do I still need to validate input data? For example, I have a field in the form:…
- 8 votes, 2 answers, 671 views
What is the way to store and read settings?
Imagine that I have a small site, and this site stores and returns information from the database. Currently I see many people storing the login data for MySQL, or paths, in PHP variables or…
- 8 votes, 4 answers, 635 views
Why can different objects of the same class access each other’s private fields?
Today while I was taking a course on Udacity (Intro to Java Programming) I thought about this in the exercise Update the Person class (lesson 3, 29/45). In object-oriented modeling we have the…
- 8 votes, 3 answers, 852 views
Web API security: SSL?
I wonder whether there is a way to restrict requests to a web API specifically to one machine. My web API will be hosted on computer A. My client (at first only one) will be on computer B. Different…
- 8 votes, 2 answers, 1355 views
What is SSL Pinning?
I was recently watching a video that briefly mentioned the term "SSL Pinning" to describe a measure (understood by me as a security one) to establish more secure and probably encrypted communication…
- 7 votes, 1 answer, 146 views
Is there a specific type for passwords other than String in .NET?
I very commonly see strings used to store passwords in program memory, not only in .NET but in all the programming languages I’ve used. At first, I don’t see a problem with it. But as I…
- 7 votes, 1 answer, 523 views
Why is it risky to run Java applets in browsers?
In my company we have two websites that need a Java applet (to authenticate using digital certificates). And these two sites give a lot of headaches, mainly whenever Oracle releases an update of…
- 7 votes, 2 answers, 4616 views
Login with network user (AD)
I need to log the user into my system with the user who is logged in to the company network. I’ve never done this and I have doubts about how to get the users from AD. I’m doing research on the net…
- 7 votes, 4 answers, 1550 views
How to make an external login authentication?
I need to develop a system to be used by the user. The user will be registered in another system, where we will have the registration, contracted plans and financial control of the same... The idea…
- 7 votes, 2 answers, 2701 views
Which is more secure: Session or cookie?
Thinking about security, what is the best option to keep the user logged in to an ASP.NET MVC application, the cookie or the Session?
Tags: asp.net-mvc, .net, security-guard, session, cookies. Asked 8 years, 11 months ago by Jedaias Rodrigues (6,718)
- 7 votes, 1 answer, 188 views
Security: what threats besides SQL injection do I have to worry about in a search field?
I’m getting deeper into web programming (with PHP) and I have this doubt. I’ve seen some similar things in some places, but going straight to the point, I wanted you to tell me what are the main security…
Tags: php, web-application, security-guard, quest, sql-injection. Asked 8 years, 9 months ago by Rafael Nobrega (194)
- 7 votes, 1 answer, 478 views
What is the security in using input "password" or "text"?
Recently there is a wave of using password inputs combined with an option to hide/display the password (*** -> abc), with the "eye" technique. I understand this purpose, as it greatly…
- 7 votes, 2 answers, 1130 views
What is the safest way to identify that an uploaded file is an image?
I’m making a system where I can receive an image upload. To check on the server whether the file type is an image, I thought of this code: if (strpos($upload->getClientMimeType(), 'image') !== 0) { throw…
- 6 votes, 2 answers, 157 views
Use a security framework or roll your own?
I have had this doubt for some time and to this day I am not so firm in a position, despite having taken one. Whenever I develop, or participate in the development of, a (web) application, we usually…
- 6 votes, 2 answers, 1442 views
Is it possible to get some value from the browser that identifies the user’s machine?
Problem: I am searching for some way to identify and validate workstations, and would like to get some value from the machine that is not changeable, unlike the IP, which can change. I tried to get…