Most voted "security-guard" questions
This tag is used for security-related issues and attacks against the software application. 395 questions.

- Is there any risk of submitting form with HTML? (6 votes, 1 answer, 162 views)
  When inserting the text: On 19 May 2015 16:48, <asdfsadf> wrote: and sending the form, I got the following error: A potentially dangerous Request.Form value was detected from the…

- How to use OAuth in ASP.NET 5? (6 votes, 0 answers, 220 views)
  In versions prior to ASP.NET 5, there was a middleware called "OAuth Authorization Server Middleware" that allowed adding an OAuth server to the pipeline and setting up token generation. The…
  Tags: asp.net, security-guard, asp.net-web-api, oauth, asp.net-core. Asked 9 years, 6 months ago by SomeDeveloper (18,074).

- OpenID Connect and OAuth 2 (6 votes, 2 answers, 1296 views)
  Last year, researching a bit about authentication on REST APIs, I heard of OAuth and saw many recommendations regarding it. I read a little on the subject, liked it and started using it with…

- A MySQL query, with backticks vs without (6 votes, 2 answers, 1087 views)
  With backticks is the query safer or less? $Query = "Select * from `tabela` WHERE `id` = `1`"; vs $Query = "Select * from tabela WHERE id = 1";

- Is it safe to use $_GET in PHP? (Parameter in URL) (6 votes, 5 answers, 2278 views)
  In the old days it was very common to visit web pages and see in the URL the parameters being passed right there; on the php.net website it shows that it is already obsolete, there are sites like…

- Security with AngularJS and REST (6 votes, 2 answers, 1577 views)
  I'm starting with AngularJS and REST (Java JAX-RS) and I have a doubt. The functions responsible for REST requests are easily viewed via the browser by right-clicking View page source…

- How to use prepared statements with external variables in MySQLi (6 votes, 1 answer, 439 views)
  I have the following code, in which I want to use prepared statements: prepare.php: <?php include "../conex.php"; // connects mysqli_set_charset($mysqli,"utf8"); // Converts to UTF-8 for saving…

- Can denying access to a mod_rewrite folder be unsafe? (6 votes, 1 answer, 423 views)
  I'm thinking of creating a very limited PHP microframework just for my own use; however I came across a situation: most frameworks use a folder called public, and on production servers we generally…

- How to protect an assembly from decompilation? (6 votes, 2 answers, 334 views)
  Nowadays there are many water heaters and recompilers for .NET Framework; the guy goes there, makes an application, and everyone who has a decompiler (for example ILSpy) can go there, select the…
  Tags: .net, security-guard, cryptography, decompilation, .net-assembly. Asked 8 years, 8 months ago by CypherPotato (9,292).

- How to avoid buffer overflow in C/C++ (6 votes, 1 answer, 1263 views)
  The program below allows a memory overflow to occur, as it is possible to overwrite the variable zero by placing a "large" value in the variable buffer. How to make a safe program by avoiding…

- Is "new DOMParser" safer than "document.createElement"? (6 votes, 1 answer, 181 views)
  I created a script to try to remove unsafe content when injecting into the DOM (I'm using it in extensions/add-ons for browsers): var str = "<strong>Hello</strong> world <script…

- What is the difference between sanitize and validate filters in PHP? (6 votes, 1 answer, 4628 views)
  Making a safety class for PHP, I noticed the existence of two similar constants, like FILTER_SANITIZE_NUMBER_INT and FILTER_VALIDATE_INT. The pattern is the same for the email, string and…

- What is the trust level of an ASP.NET application? (6 votes, 1 answer, 185 views)
  What is the purpose of setting up the trust level in an ASP.NET application? Does it protect the server from something? Does it protect the application from something? In which case or for what reason is it…

- Is catching NullPointerException bad practice? (6 votes, 2 answers, 157 views)
  I've been a little uneasy about security issues and vulnerabilities lately, and in my research I came across an article that intrigued me. According to OWASP: Description It is generally a bad…

- Does mysqli_real_escape_string prevent SQL injection? (6 votes, 2 answers, 724 views)
  According to the documentation, the function: Escapes special characters in a string for use in an SQL statement, taking into account the current character set of the connection. So:…

- What is Spectre? (6 votes, 1 answer, 187 views)
  Spectre is a security flaw that compromises a large number of systems. What is it? How does it work? What kinds of systems and devices are vulnerable? What can be done to defend yourself against it?…

- How does "umask" work in PHP and when should we use it or not? (6 votes, 1 answer, 142 views)
  I was reading the documentation of umask and I came across this: When PHP is being used as a server module, the umask is restored when each request is finished. Translating: When PHP is being used…

- Standards for user authorization/permission (5 votes, 2 answers, 1137 views)
  Are there other standards for user authorization/permission other than the Role-Based Access Control standard implemented by Microsoft for .NET technologies?

- User authentication with Laravel 4 (5 votes, 3 answers, 1012 views)
  I'm starting to authenticate users with Laravel 4, using this link as a basis. My doubt is the following: for every route, will I have to use it this way? Route::get('/', array('before' => 'auth'),…

- Is it possible to make a fake POST request? (5 votes, 1 answer, 175 views)
  I am creating a central system that validates information coming from other client systems via POST, and I would like to know if it would be possible for someone to make a fake POST request by…

- Preventing session hijacking (5 votes, 1 answer, 751 views)
  I know that to prevent this type of attack we must use session_regenerate_id(), mainly before logging in. My question is whether to delete the previous session by passing true as a parameter? I…

- How Telegram encryption works (5 votes, 1 answer, 741 views)
  I'm analyzing how Telegram uses end-to-end encryption and I'm trying to understand how they achieve it; they make everything available and documented, but my English is not so good and Google…

- Make a subdomain or create a subfolder? (5 votes, 2 answers, 304 views)
  Today an SSL certificate seller informed me that my site.com.br/intranet is not safe, and that the right thing to do would be intranet.site.com.br. Is that true? Does a subdomain make any difference…

- Doubt about an XSS exercise (5 votes, 1 answer, 100 views)
  Guys, I wanted to understand the following logic of an XSS challenge I was doing. Why is it that when I put <script>alert(1);</script> it does not work, but when I put…

- How to store credit card data securely? (5 votes, 2 answers, 3711 views)
  Currently I use third-party services to handle online transactions via credit card; they store the card data themselves and make the charge. I want to store the customer's credit card data in…

- Why is strcpy() insecure? (5 votes, 1 answer, 709 views)
  I'm reading about secure programming, and I read that the function strcpy(), of the C language, is an example of an insecure one. I also read that there is a secure version of this function, which would be the…

- Explain in a simpler way what these attacks are (5 votes, 2 answers, 254 views)
  I would like to know in a more simplified way what these types of attacks are. Keylogger Brute force attack Cryptanalysis of rubber hose SQL injection And please, if you could go deeper into the…

- Local Storage or cookie: where is it best to store an authorization token? (5 votes, 1 answer, 3871 views)
  We have a project and we will use an authorization token; we're using AngularJS for the front end and the back end we develop in Java using Spring Framework and Spring Security, and send the token for…

- Store password in database (5 votes, 1 answer, 901 views)
  I have an application that needs to store passwords and retrieve them again; this is not just for a login check, because the stored passwords will be used to provide access to another system (there is no…

- How to fix cross-site scripting or XSS (5 votes, 4 answers, 1270 views)
  I'm studying some vulnerabilities I found on a site I made and I came across the possibility of the attacker sending malicious code, so I read about it and hence my question here: I just need to fix my…

- What is the difference between .cer, .pfx and .pvk? (5 votes, 1 answer, 7857 views)
  I was tinkering with some files that are digital certificates and security certificates, so I came up with the question: what's the difference between a .cer, .pfx and .pvk file?…

- How does a virtual keyboard work for security purposes? (5 votes, 1 answer, 2656 views)
  I know there are several posts here citing the pros/cons of virtual keyboards to avoid keyloggers, but I didn't see any that went into this particular point: how do those bank-style virtual keyboards…

- Does it make sense to store the salt of a password with the hash itself? (5 votes, 1 answer, 251 views)
  Looking at tables in the database of a certain product, I came across a structure similar to this: [LocalUsers] UserId Integer PasswordHash Byte[] Salt Byte[] If an intruder gets this list, it's…

- Should I encrypt the password in the application or on the server? (5 votes, 2 answers, 132 views)
  I am making an application that requires user registration, and my question is whether I should do the encryption in the application and save it on the server, or send the password and encrypt it on…

- More secure VPN types (5 votes, 1 answer, 69 views)
  I have a project ready in my company where I use pfSense on the network edge; the equipment plays the role of proxy, firewall, gateway and VPN with an SSL certificate, but a third party, when coming to…

- Is there any risk in using "SET FOREIGN_KEY_CHECKS = 0"? (5 votes, 1 answer, 3432 views)
  According to what I read somewhere, FOREIGN_KEY_CHECKS: ... specifies whether or not to check foreign key constraints for InnoDB tables. I mean, if the guy wants to disable the foreign key…

- How did this site "manipulate" the mouse position? (5 votes, 1 answer, 249 views)
  As usual, that question already has an answer. Unfortunately I was surprised to browse a malicious site unintentionally. It was able to manipulate the mouse position, preventing me from…

- How to implement the Feature-Policy header via .htaccess? (5 votes, 1 answer, 577 views)
  From what I understood, this response header controls access to the content of the application, and in conjunction with other headers such as the Referrer-Policy covered in this question,…

- How to work a secure session in PHP using cookies so that the session does not expire when you close your browser? (4 votes, 1 answer, 5307 views)
  In PHP, I usually handle user authentication in a restricted area using the variable $_SESSION, but I want to change this method to cookies so that the session does not end when closing the…

- How to determine permission to use tables? (4 votes, 1 answer, 8024 views)
  How can I make a certain user "see" one table and not another? I've been doing some research, I found DENY SELECT ON *** but I was unsuccessful.

- How to prevent a user from storing mp3 files, thus preventing them from being able to distribute them? (4 votes, 1 answer, 321 views)
  First of all, it is good to mention that my doubt arises from another question that I posted here on Stack Overflow in Portuguese and that can be read at: Web Hosting or Streaming Hosting? I am developing…

- What measures can we take to protect the issuance of payment slips from malware that alters the digitable line? (4 votes, 1 answer, 345 views)
  In addition to PDF issuance, which can hinder some customers due to the lack of PDF viewers, what techniques could we use to protect or detect that the generated slip has been modified by malware?…

- How to effectively test and locate application security holes? (4 votes, 2 answers, 1410 views)
  I am facing a serious problem with hackers and/or crackers on the site developed for a city hall. I did tests with sqlmap on every page of the website. I tested the FTP lock, searched for injected…

- Time-based access restriction with PHP (4 votes, 1 answer, 925 views)
  I want to develop a security system which serves both for a contact form and for login; the intention is that it be an addition to the use of CAPTCHA, or in some cases a substitute. The logic is as…

- Is this a good way to keep my API safe? (4 votes, 1 answer, 859 views)
  My application consists of a Node.js API on the backend, but I'm also creating the reference implementation of a JavaScript client, which is an SPA made with Backbone. First: the API accepts only HTTPS…

- View database information securely (4 votes, 1 answer, 321 views)
  What kind of encryption should I use to encrypt a CPF in the database and then display that same CPF (decrypted) to the client in a secure manner?

- How to access a PHP web service securely from an Objective-C/iOS app? (4 votes, 1 answer, 352 views)
  I'm making an application where I need to securely send user data to a web service written in PHP. For this, I'm researching security for iOS. What is the recommended method and what are the points I…
  Tags: ios, web-service, objective-c, security-guard, cryptography. Asked 9 years, 8 months ago by Tiago Amaral (1,520).

- How to prevent POST from outside the server? (4 votes, 2 answers, 716 views)
  I'm creating an app and I didn't want some smart-ass thinking about changing the path of an HTML POST to send the values he wants, so I used a method in PHP: $referral=$_SERVER['HTTP_REFERER'];…

- How to distribute an RIA with JNLP and Java 8 (4 votes, 1 answer, 188 views)
  I developed an application and, when distributing it with JNLP, I found an impasse. With Java 8, it asks to sign the JARs, and the certificate must be from a recognized CA. I signed the JARs…

- Save user and password without using a database (4 votes, 2 answers, 1320 views)
  I am developing a console application in C#, and I'm looking to save some sensitive settings like user, password and IP. The problem is, how to safely store this data locally without…