Most voted "security-guard" questions
This tag is used for security related issues and attacks against the software application.
Learn more…395 questions
Sort by count of
-
4
votes2
answers1140
viewsProtect ASP.NET source code (aspx)
I have a question regarding ASP.NET: In the case of PHP when an application is placed on the server means to put the source code of the same. In the case of ASP.NET, (specifically C# with pages in…
c# asp.net .net security-guard software-engineeringasked 9 years, 9 months ago Anderson Brunel Modolon 1,111 -
4
votes2
answers2173
viewsHow to log into Facebook using an active session cookie in the DOM?
I’m studying security in web applications. For educational purposes, I logged on to my Facebook page and copied my active session cookie obtained on document.cookie, then I opened another browser,…
-
4
votes1
answer969
viewsIs it safe to use Timthumb?
I’m making a website and I started making use of the library Timthumb.php to resize the images in the exact size I want. However came to me two questions Is it safe to use? hear that past versions…
-
4
votes1
answer207
viewsIs using HTTPS enough to protect a login area?
Considering a system in which you have the correct server-side treatments, validations and protected against SQL, XSS and brute force attacks, it would be sufficient just forward the login area to…
security-guardasked 9 years, 3 months ago Renan Cavalieri 2,748 -
4
votes2
answers137
viewsForm safety
I have the following code: PHP (server): if(isset($_POST['subdate']) && !empty($_POST['date'])) { $daysOff = array(); $get_date = explode(',', $_POST['date']); foreach ($get_date as $date) {…
-
4
votes1
answer632
viewsOauth API authentication with external provider
When we use Oauth we have the "authorization server" and the "resource server". The resource server is the server on which the API is, that is, this is where the interface to the resources we want…
-
4
votes0
answers32
viewsHow can a SSL/TLS protocol protect a website?
It’s a very old question, but I hadn’t stopped to research about, I did a quick search and I didn’t find anything useful to explain: How HTTPS protects a website? The question is fairly simple for…
-
4
votes0
answers187
viewsHow to implement certificate chains? What is the importance/operation?
I created a local application in VS and when climbing the server the application was not with all the resources of the local application, in the application I am using X.509 and found a difference…
-
4
votes0
answers755
viewsWhy don’t government websites have safety certificates?
Why many Brazilian government websites often do not have valid safety certificates? Examples: https://www.ibama.gov.br/ https://www.ibge.gov.br/ https://www.funai.gov.br/ https://www.brasil.gov.br/…
security-guardasked 9 years, 3 months ago Rodrigo 189 -
4
votes2
answers1494
viewsAccess and permission control
I have a CRUD project to manage faculty and college courses using jsf+primefaces+jpa. My problem is this: There are the users who are the coordinators of the courses and the users who are…
-
4
votes3
answers1686
viewsIs saving the user ID in COOKIES safe?
Guard the ID of the user in Cookies is safe as it is easy to see it from the browser. My questions are as follows:: Guard the ID of the user in Cookies is safe? If it’s not safe, what method seguro…
-
4
votes2
answers161
viewsProtecting data in memory
I read several articles on cryptography etc... The cryptography reported by posts was a success in my program, however some data remains in memory being vulnerable to Assembly readers in real time.…
-
4
votes1
answer42
viewsWEB Systems What is the best way to escape from Searchers and make it invisible
When it comes to WEB systems What would be the safest and most used way for it to become invisible to search engines? I know there are the "Goals" but I think there should be more reliable way…
-
4
votes1
answer156
viewsWhat is the possibility of finding a particular 192-character string in 10 minutes?
I’m reinforcing an authentication system, where in the password recovery part, I implemented it as follows. The user informs the e-mail address. If it exists, the e-mail is sent (see example below).…
-
4
votes1
answer406
viewsSelf-signed Certificate Security ( Self-signed Certificate)
I am making a Java Client-Server system that will manage computers in a room, the scenario is as follows: A computer, the server, waits for connections, when an action is made ( Block Screen ) this…
-
4
votes1
answer535
viewsWhat is an Over-posting attack?
I came across the term Over-posting while following Microsoft’s guide to creating ASP.NET Core applications. I had made a question regarding the use of attributes in the signature of a method, which…
-
4
votes2
answers284
viewsIs it safe to leave crucial information in an Hidden input in HTML?
I can leave, for example, the ID of a user q I will do select in the hidden, and use it (the id) without having to confirm that that ID belongs to the logged in user? In other words, the user can…
-
4
votes1
answer78
viewsSecurity in a Task Management System
This is something that raises many questions. I am creating a Task Management System. Most fields are INPUTS or SELECTS FORMS. Most of these fields users only interact when they have already logged…
-
4
votes2
answers76
viewsclone, copy, changeable object on getter for security
In many articles and books it is cited that for security the correct is always deliver via getter a copy of mutable attributes. It can be a clone or a new instance containing the same values as your…
-
4
votes1
answer241
viewsShould I ask for the user’s password twice at the time of registration?
In the registration forms, it is common to see the "Enter your password again" field, as a confirmation to make sure that the user has not missed the password entered. Thinking about the user…
-
3
votes3
answers2054
viewsProtect the connection string in a . NET Winforms application?
I have an app .NET Windows Forms connecting to a server SQL Server directly, without the use of an intermediate layer as a Webservice or Webapi, through SqlConnection. This application is installed…
-
3
votes1
answer58
viewsCan the iv used in AES-CTR be stored in clear?
I intend to use the AES cipher in counter mode and I’m not sure if I can save iv (nonce + counter) in clear.
-
3
votes1
answer616
viewsPassword security: Should I use Mysqli -> real_escape_string or bind_param?
Mysqli => real_escape_string I want the password storage to be as safe as possible, at the moment I am using only mysqli => real_escape_string: $password = $_POST['password']; $password_safe =…
-
3
votes2
answers972
viewsEncryption with Java
I need to encrypt the data in a user authentication session, and I would like to know the best, most secure way to work with Java encryption. Is it using Salt, MD5, AES, SHA, or other? Which API’s…
-
3
votes1
answer2578
viewsHow to request client IIS 7.5 ssl certificate
How to request the client’s SSL certificate in an ASP.NET MVC 5 application? I enabled SSL on my site using IIS 7.5 but it tries to authenticate the user using the customer certificate but I don’t…
-
3
votes2
answers148
viewsWhat precautions should be taken when sending an email via PHP
I am developing a contact form for my site, as usual I first make it functional, and then work on the security of it. In the case of a simple form, which will only receive one field name, another…
-
3
votes1
answer84
viewsPassword - Binary Modular Crypt Format
I am currently reducing the size of a database and several are the techniques used. However, I have a question about the decision to make at a point and I would like someone to help me. In the model…
-
3
votes2
answers1012
viewsDoes using a virtual keyboard help security?
Does the use of virtual keyboards (similar to Google’s search) prevent typed data from being collected by Keyloggers? If yes there is a virtual keyboard that can indicate?
-
3
votes2
answers729
viewsKey Doubt in Symmetric Encryption
Hello, researching on cryptography li on symmetric cryptography, asymmetric, digital signature... But I have a question, when we use a software like Truecrypt, Keepass or others of the genre the…
-
3
votes3
answers527
viewsProtect secret configuration file
I have an isolated file of the others called config.php. It holds information of 3 Databases and some secret passwords, but necessary for the functioning of the system as a whole. I wanted to…
-
3
votes1
answer222
viewsWhat is the best practice to restrict access to the website’s administration system?
I wanted to create an administration system for the site, I did so so that users have associated with you a level field and if this is a given value they can access administrator control, otherwise…
-
3
votes2
answers85
viewsFixed and unique value on Android in Unity 3D
I’m having trouble getting a unique and fixed value in C#, I need to get a value like this, for security reasons of my software. I’ve tried using the SystemInfo.deviceUniqueIdentifier, but…
-
3
votes1
answer77
viewsAjax and php protection
Using ajax in my case can bring some security flaw? If so, how do I resolve it? javascript: $(function() { if($('#login_submit').length !== 0) { $('#login_submit').on('click', function() {…
-
3
votes0
answers670
viewsHow to simulate https at http://localhost?
How can I simulate https in Xampp so that it returns me the url showing if everything is ok or there are security holes in the scripts used?
-
3
votes2
answers492
viewsPHP security failure
I noticed an unusual activity on my site (e-commerce opencart 2.0.2.0) this is the command they used http://www.meusite.com.br/?…
-
3
votes1
answer92
viewsHow to add the BUILTIN Administrators group in SQL Server for Operating Systems that are not in English?
During the installation of my application on a server, the following line is executed: using (var com = con.CreateCommand()) { com.CommandText = "CREATE LOGIN [BUILTIN\\Administrators] FROM…
-
3
votes1
answer227
viewsWhat does 'redacts password' mean?
In the Influxdb documentation, I found the following note: Note: Influxdb redacts passwords when you enable Authentication. Source:…
-
3
votes1
answer83
viewsPDO with Emulated prepares is unsafe? What’s the difference?
I recently did some research on the internet and noticed that several people say that PDO does not protect 100% against Injection, specifically with Emulated prepares. If possible someone give me an…
-
3
votes2
answers2197
viewsIs encrypting the database an efficient measure? How to protect data against leaks?
With the recent problems of password leaks and personal information from the most diverse sites, there is evidence of a lack of zeal regarding the storage of such information by certain companies,…
-
3
votes2
answers82
viewsConversion of byte array to string when compiling revealing the string in C compiled code
I am using the function below to make the conversion of byte array for a string, but when analyzing the compiled code I note that the string is clearly shown (using an Hex editor), what I do not…
-
3
votes3
answers145
viewsHow to have id security exposed in links - PHP + Javascript
PHP language. I have a grid where I have in each row buttons to edit and delete that record with javascript actions passing the id of that record to effect the action. My problem is related to…
-
3
votes1
answer300
viewsApache logs: checking a slowloris attack
I’m simulating an attack slowloris to a Debian server running Apache. The attacking machines are Debian as well. In order to make sure that the attack slowloris was effective, would like to access…
-
3
votes1
answer887
viewsHow to make your program reliable - windows security
I finished a step of a program and we will start to put in production, however, when running the program is always displayed the message below: What should I do to make my program reliable? and stop…
-
3
votes1
answer306
viewsPHP x C++ web performance and security
Today I work in a company that manages some sites with too much traffic, which is generating some problems of server overload and etc. These sites are mostly news portals and are running Wordpress,…
-
3
votes1
answer118
viewsIs there any other reason to compress Javascript in the source code besides getting smaller?
Most libraries come with the compressed code as follows <script>(function(){function c(b){window.setTimeout(function(){var…
-
3
votes1
answer403
viewsHow to get the same strcpy() result with strcpy_s()?
I downloaded a C++ code from the internet and when I open the solution, the following error: Error C4996 'strcpy': This Function or variable may be unsafe. Consider using strcpy_s Instead. To…
-
3
votes2
answers946
viewsEncryption with bcrypt + random salt
I have a simple question about encryption using bcrypt with salt. When in old projects I used md5, to check in a login form if the user typed the correct password and authenticate, it was customary…
-
3
votes1
answer154
viewsbash - How to prevent malicious code execution via input?
I own a script (script.sh) who receives a environment variable: echo $MINHAVARIAVEL But when calling it via terminal, I realized that I can pass commands through this variable, and these commands…
-
3
votes0
answers59
viewsHow to know what should be protected by Encryption on a Site?
I would like to know how I define/know if a site I will develop needs to be "protected by encryption"? Of course, excluding obvious cases such as card data in an e-commerce for example. I guess not…
-
3
votes1
answer119
viewsHow to upload safely?
How to do upload/download of a file on an FTP server without this server’s login information being visible in the code? For example, I nay I want to do the following: string FTPhost =…