Most voted "security" questions
This tag is used for security-related issues and attacks against software applications.
395 questions, sorted by votes
- Protect the server from "false requests" (3 votes, 1 answer, 137 views)
  I'm having second thoughts about security. When I want to add or receive data, I make an HTTP POST or GET request to my server, which returns a JSON response. Assuming it is an application that…
- Prevent browser autocomplete in password (3 votes, 1 answer, 85 views)
  I have a lock screen that locks the user out after inactivity, asking only for that user's password to get access again. The problem is that this screen is useless if autocomplete is on, since anyone can touch…
  Tags: html, security, input, browser, autocomplete. Asked 6 years, 9 months ago by dalton gonzalo Fuentes (155)
- What is the safest way to display an ID (primary DB key) on web pages? (3 votes, 1 answer, 112 views)
  I am developing a web application in which it would be necessary, in some cases, to expose in the HTML (for JS to interact with) the ID of user posts, the ID of comments and others... Example: <div…
- Compare if password is correct (3 votes, 4 answers, 183 views)
  How do I create a simple JavaScript that only asks the user to enter the password 1234 and shows the message "password released", and if they miss 3 times shows "blocked account"? My code so far: var senha;…
- Is it possible to manipulate SESSION variables to perform SQL injection? (3 votes, 2 answers, 258 views)
  I'm not an expert on cyber attacks and I have a small doubt about the safety of my projects. Basically, one of the ways I prevent SQL injection is by creating a function "treatString()", for example,…
- Protect PHP files from direct access without locking the system (3 votes, 1 answer, 2585 views)
  In terms of routing, my site is divided into two parts: first, an app folder inside the root, where all the files of the site in the MVC system are contained, and second, next to the app, a set of…
- What is the difference between the terms X.509 and PKCS#7 in digital certificates? (3 votes, 0 answers, 190 views)
  Via a .NET 4.6.1 Web API I am integrating with a service that requires data to be sent over a TLS 1.2 connection, duly digitally signed using the PKCS#7 standard, but when checking an example of…
- Are web security standards insufficient? (3 votes, 0 answers, 77 views)
  Well, first of all, in addition to the issue I will raise here, I would also like to raise a debate: aren't the security standards for system authentication insufficient? Context of the problem: I…
- Is there a way to specify a hash, version, or signature when running `npx` (from npm)? (3 votes, 1 answer, 51 views)
  I am creating a generator to generate some static HTML pages. However, I came across the situation of having to use npx to run the AMP Optimizer. I can execute the command as follows:…
- What security breaches were found in OAuth 2.0? (2 votes, 1 answer, 495 views)
  Yesterday I read a text saying that serious security flaws have been found in OAuth. The content of the text, in particular, makes it seem like you can't use OAuth at all. The problem with this…
- Is it only possible to write code with bugs or vulnerabilities in C? (2 votes, 1 answer, 377 views)
  Anyone who is an experienced programmer knows an implicit truth: C is practically the language of the gods. C corresponds to at least 98% of the software that runs on all computers, and thanks to…
- CSRF validation giving an error after a time without use (2 votes, 1 answer, 532 views)
  I have an application already running with CodeIgniter and I have CSRF enabled in the system. The problem is on a page that has a form that submits to itself; it is a filter, but the thing is, the…
- How do programs store saved passwords? (2 votes, 2 answers, 260 views)
  On the internet it is common to have "remember password" in login fields. I know this is done by the developers of the application, but how does Google Chrome, for example, store a saved…
- Username and password appear in the console after POST (2 votes, 1 answer, 722 views)
  The code below makes a POST of the data entered by the user in the login. $http.post('api/v1/login', object).then(function (results) { return results.data; }); Note that I pass as a parameter an…
- Security issue when uploading (2 votes, 1 answer, 546 views)
  I have an application built with CodeIgniter that uploads image files to a directory on the server. Running on localhost it works perfectly. On the official server, an error is returned when…
- How to configure security for dedicated servers and VPS? (2 votes, 1 answer, 573 views)
  I'm having problems with the security settings of virtualized and dedicated servers (VPS). What do I need to do to protect my Linux server, with Apache, against major security threats such as rootkits, open…
- Where can I get the Android source code? (2 votes, 1 answer, 1167 views)
  I'm writing documentation in which I need to know what the source code is so that an application can check the entire mobile device, looking for settings that the user has not made, for example: if…
- Is there any risk in not validating the name of a function used in JSONP? (2 votes, 2 answers, 103 views)
  Generally, when a JSONP service is made available, one of the things to be passed by parameter is the name of the callback that will be used in JavaScript. Example: $dados = [1, 2, 3]; $json =…
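The risk behind this question is that an unvalidated callback name is reflected verbatim into a response served as JavaScript, so a request such as `?callback=alert(document.cookie);//` turns the endpoint into a script the attacker controls. The following is an added example, not code from the question or its answers: it shows the unsafe concatenation next to a hardened renderer that allowlists the callback with a regular expression. The 64-character limit and the `respond()` wrapper are assumptions made for the demonstration.

```python
import json
import re

# A JSONP callback may only be a JavaScript identifier path such as "cb" or
# "App.handlers.onData". The regex is the allowlist; everything else is refused.
# Assumption: 64 characters is a generous upper bound for legitimate callback names.
_CALLBACK_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")
_MAX_LEN = 64


def is_valid_callback(name: str) -> bool:
    """True only when name has the shape of a dotted JavaScript identifier."""
    return 0 < len(name) <= _MAX_LEN and _CALLBACK_RE.match(name) is not None


def render_jsonp_unsafe(callback: str, data) -> str:
    """The pattern the question describes: the callback parameter is pasted in
    unvalidated, so callback=alert(document.cookie);// becomes executable script."""
    return callback + "(" + json.dumps(data) + ")"


def render_jsonp(callback: str, data) -> str:
    """Hardened renderer: rejects bad callback names before building the response."""
    if not is_valid_callback(callback):
        raise ValueError("invalid JSONP callback name")
    # json.dumps with its default ensure_ascii=True also escapes U+2028/U+2029,
    # which are legal inside JSON but terminate a JavaScript string literal.
    body = json.dumps(data)
    # The '/**/' prefix keeps the response from starting with caller-chosen bytes,
    # and the typeof guard avoids a ReferenceError if the callback is not defined.
    return "/**/ typeof " + callback + " === 'function' && " + callback + "(" + body + ");"


def respond(callback: str, data):
    """HTTP-style wrapper returning (status, body): 400 for a rejected callback."""
    try:
        return 200, render_jsonp(callback, data)
    except ValueError as exc:
        return 400, str(exc)


# Constructed attacker input for the demonstration.
ATTACK = "alert(document.cookie);//"
```

Serve the result with `Content-Type: application/javascript` and `X-Content-Type-Options: nosniff`, and prefer CORS over JSONP for new endpoints; JSONP exists only because browsers without CORS needed a cross-origin hook, and every JSONP endpoint is by construction a script the caller names.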
- Techniques to maintain data consistency in the front end (2 votes, 1 answer, 173 views)
  Example: in a form, some fields (input) are loaded via Ajax from a select. The option selected will be used in the back end for validation of those fields. However, the user can load a certain…
- MySQL security on Android (2 votes, 2 answers, 115 views)
  I'm doing a login system, but I'm in doubt: do I connect to the database through PHP? I mean, I would just open the link and the server would execute the procedure? Or do it directly from the app via…
- How to not let a domain appear on Google and other search engines (2 votes, 2 answers, 48 views)
  I have an online system and would not like my domain to appear on Google or other search engines; I would like to make it private. Is there some way to do this?
- How does the Bennett & Brassard protocol work? (2 votes, 1 answer, 144 views)
  I'm studying a topic in quantum cryptography and I'm not understanding the workings of the Bennett & Brassard protocol; it all seems random and meaningless... Even reading other things on the…
- Check if the user changed the POST request (2 votes, 2 answers, 245 views)
  I have a JavaScript application that runs on the client side; in this application the user can trigger events that communicate with my site's server through a POST request. However, I need to…
- Hide Tomcat version on error pages (2 votes, 1 answer, 435 views)
  I have a REST API running on a Tomcat server. If I try to directly access the API and some error happens, the Tomcat error page is displayed. Notice that at the end is the following passage:…
- Ajax: protect web services (2 votes, 1 answer, 123 views)
  I am building an ASP.NET MVC application and make many calls to actions and web services via Ajax (jQuery or AngularJS). How could I hide these calls, or ensure they are made only by my app? For…
- How to protect the application against unwanted requests? (2 votes, 0 answers, 59 views)
  I have an application for course management, in which several requests are made via Ajax that are processed in the background: getListCurso(), findDisciplinaById(), deleteAluno(), etc. But anyone…
- P7S signature with C# (2 votes, 0 answers, 234 views)
  Guys, I have a .p7s file that can hold multiple digital signatures. I managed to use the X509Certificate2 class to get the last signature that was made in the file, but I need to get all the signatures…
- Are there security problems with auto macro run when calling Excel? (2 votes, 2 answers, 640 views)
  The link below deals with automatic macro execution when starting Excel. My purpose was to control the use of a VBA.…
- On RSA cryptography (2 votes, 2 answers, 402 views)
  Hello. RSA encryption generates public.key and private.key. However, if I make some application in Java and the "hacker" gets these keys, they can extract the content. Can you camouflage these…
- Calculation of Shannon entropy in network traffic (saved in a CAP file) using Python (2 votes, 1 answer, 562 views)
  I have a dump file (CAP format) of a network traffic capture made with Ubuntu's tcpdump. Until a certain time, it is traffic free of attacks. Then begins a series of attacks of the TCP SYN type…
- Function to create a hash in the SRI pattern (2 votes, 2 answers, 578 views)
  I was looking at a new W3C specification, SRI (Subresource Integrity), which roughly means integrity of the sub-resource and promises to bring more security to resources hosted on third-party servers…
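An SRI integrity value is simply `<algorithm>-<base64 of the raw digest>`, with sha256, sha384 and sha512 the only algorithms browsers accept. The example below is added here and is not code from the question or its answers; it produces that value from the resource bytes and also verifies fetched bytes against an `integrity` attribute, following the browser rule that when several values are listed only the strongest algorithm is consulted. The `script_tag()` helper is an assumption about how the value would be emitted into a page.

```python
import base64
import hashlib
import hmac

# Ordered weakest to strongest; the index is used to pick the strongest listed algorithm.
ALLOWED_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(data: bytes, algorithm: str = "sha384") -> str:
    """Return an integrity value in SRI form, e.g. 'sha384-OLBgp1...'."""
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("SRI allows only sha256, sha384 and sha512")
    digest = hashlib.new(algorithm, data).digest()
    return algorithm + "-" + base64.b64encode(digest).decode("ascii")


def sri_verify(data: bytes, integrity: str) -> bool:
    """Check fetched bytes against an integrity attribute.

    The attribute may carry several space-separated values. As in the browser,
    only the values for the strongest recognised algorithm are consulted; any
    one of them matching is enough (this is how key rotation for a resource works).
    Unknown algorithms are ignored; if none is recognised the check fails closed.
    """
    candidates = {}
    for token in integrity.split():
        alg, sep, b64 = token.partition("-")
        if sep and alg in ALLOWED_ALGORITHMS:
            candidates.setdefault(alg, []).append(b64)
    if not candidates:
        return False
    strongest = max(candidates, key=ALLOWED_ALGORITHMS.index)
    expected = sri_hash(data, strongest).partition("-")[2]
    return any(hmac.compare_digest(expected, c) for c in candidates[strongest])


def script_tag(src: str, data: bytes) -> str:
    """Emit the tag as it would appear in HTML (assumed helper, not from the page)."""
    return '<script src="%s" integrity="%s" crossorigin="anonymous"></script>' % (
        src, sri_hash(data))
```

`crossorigin="anonymous"` is required for cross-origin resources, otherwise the browser cannot read the response bytes to hash them and the load fails. Regenerate the value whenever the third-party file changes; a stale hash does not degrade gracefully, it blocks the script.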
- Checking a DoS/DDoS attack (denial of service) on a network dump (PCAP file) (2 votes, 2 answers, 356 views)
  from scapy.all import * import dpkt f1 = open("semAtaque.pcap") pcap = dpkt.pcap.Reader(f1) f1.close() f2 = open("Ataques.pcap") pcap = dpkt.pcap.Reader(f2) f2.close() I have two network traffic…
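Both this question and the Shannon entropy one above ask the same thing of a capture: does a window of traffic look like a SYN flood? Two features answer it well: the entropy of the SYN source addresses (spoofed floods spread across many addresses) and the ratio of SYNs to SYN/ACKs (a flood leaves handshakes incomplete). The example below is added here and is not code from either question or its answers; to run offline it replaces the PCAP parsing with constructed packet records of the form `(src, dst, tcp_flags)`, which is the shape a dpkt or scapy loop would hand it. The thresholds in `is_syn_flood()` are assumptions for the demonstration and should be tuned on a baseline capture.

```python
import math
from collections import Counter

SYN, ACK = 0x02, 0x10  # TCP flag bits as found in the TCP header


def shannon_entropy(values) -> float:
    """Entropy in bits of the empirical distribution of the given values."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def syn_flood_indicators(packets) -> dict:
    """Features for one time window of (src, dst, flags) records."""
    syns = [p for p in packets if p[2] & SYN and not p[2] & ACK]
    synacks = [p for p in packets if p[2] & SYN and p[2] & ACK]
    return {
        "syn_count": len(syns),
        "src_entropy": shannon_entropy(p[0] for p in syns),
        "syn_to_synack": len(syns) / max(1, len(synacks)),
    }


def is_syn_flood(packets, min_syns=100, min_ratio=3.0, min_entropy=4.0) -> bool:
    """Assumed thresholds: many SYNs, few completed handshakes, many distinct sources."""
    f = syn_flood_indicators(packets)
    return (f["syn_count"] >= min_syns
            and f["syn_to_synack"] >= min_ratio
            and f["src_entropy"] >= min_entropy)


def benign_window(n_clients=8, per_client=5):
    """Constructed traffic: a handful of clients completing full three-way handshakes."""
    pkts = []
    for i in range(n_clients):
        client = "10.0.0.%d" % (i + 1)
        for _ in range(per_client):
            pkts.append((client, "192.0.2.10", SYN))
            pkts.append(("192.0.2.10", client, SYN | ACK))
            pkts.append((client, "192.0.2.10", ACK))
    return pkts


def flood_window(n=400):
    """Constructed traffic: SYNs from n spoofed sources, no handshake ever completes."""
    return [("198.51.%d.%d" % (i // 256, i % 256), "192.0.2.10", SYN) for i in range(n)]
```

To apply this to the real captures, read each file with `dpkt.pcap.Reader` inside the `with open(...)` block (the reader is lazy, so the file must stay open while iterating), unpack `dpkt.ethernet.Ethernet(buf).data.data` to the TCP segment, bucket packets into fixed windows by timestamp, and compare the indicators of the clean capture against the attack capture to set the thresholds.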
- Is my database access function secure? (2 votes, 1 answer, 41 views)
  I have a file that has CRUD operations with PDO and MySQL; my question is whether I can leave my functions like the function below: function delete($tabela, $id) { global $con; $sql = "DELETE FROM " . $tabela…
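The function in the question concatenates both a table name and an id into the statement, and there are two separate problems in that: the id can be bound with a placeholder, but a table name cannot, so it needs an allowlist. The example below is added here and is not code from the question or its answer; it reproduces the unsafe shape against a constructed in-memory SQLite database (standing in for MySQL, which has the same concatenation weakness) and puts the hardened version next to it. The table names `alunos` and `cursos` and the sample rows are assumptions for the demonstration.

```python
import sqlite3

# Table names cannot be bound as placeholders, so the only defence for them is an
# allowlist of identifiers the code itself owns. Assumption: these two tables exist.
DELETABLE_TABLES = {"alunos", "cursos"}


def fresh_db() -> sqlite3.Connection:
    """Constructed in-memory database with three rows, standing in for the MySQL one."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE alunos (id INTEGER PRIMARY KEY, nome TEXT)")
    con.executemany("INSERT INTO alunos VALUES (?, ?)",
                    [(1, "Ana"), (2, "Bruno"), (3, "Carla")])
    return con


def row_count(con) -> int:
    return con.execute("SELECT COUNT(*) FROM alunos").fetchone()[0]


def delete_unsafe(con, tabela, id_) -> int:
    """The question's pattern: both arguments concatenated into the statement.
    id '1 OR 1=1' or table 'alunos WHERE 1=1 --' each delete every row."""
    sql = "DELETE FROM " + str(tabela) + " WHERE id = " + str(id_)
    return con.execute(sql).rowcount


def delete_safe(con, tabela, id_) -> int:
    """Allowlisted table, integer-validated id, bound parameter for the value."""
    if tabela not in DELETABLE_TABLES:
        raise ValueError("table not allowed: %r" % tabela)
    # Request parameters arrive as strings; accept only plain ASCII digits and
    # reject everything else instead of trying to clean it up.
    if isinstance(id_, str) and id_.isascii() and id_.isdigit():
        id_ = int(id_)
    if isinstance(id_, bool) or not isinstance(id_, int):
        raise ValueError("id must be a non-negative integer")
    # The identifier is safe to interpolate only because it passed the allowlist.
    return con.execute('DELETE FROM "%s" WHERE id = ?' % tabela, (id_,)).rowcount


def try_delete_safe(con, tabela, id_):
    """Rows deleted, or None when the input was rejected (nothing is executed)."""
    try:
        return delete_safe(con, tabela, id_)
    except ValueError:
        return None
```

The same structure carries over to PDO: keep the table allowlist in PHP, cast or validate `$id`, and pass it through `bindValue()`/`execute([$id])` rather than into the string. The `global $con` in the question is a separate design smell, not a security one.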
- How is the encryption of a SecureString made and stored? (2 votes, 1 answer, 52 views)
  The SecureString class is used to represent text that must be kept confidential in memory (passwords, card numbers, balances, etc.), and carries out its correct deletion from memory when said text…
- Using TLS 1.2 in .NET Framework 2.0 (2 votes, 1 answer, 271 views)
  I'm looking to use TLS 1.2 on a WebClient call in .NET Framework 2.0. Is it possible? try { using (System.Net.WebClient client = new System.Net.WebClient()) { string u = client.UploadString(url,…
- C# AES encryption with MD5 (2 votes, 1 answer, 1660 views)
  I'm doing a college paper where I need to encrypt a string with AES and MD5. When I do the encryption, it returns the normal result (I think), but when I go to decrypt, it returns the following error:…
- Is there any specification for authentication on WebSocket servers? (2 votes, 0 answers, 215 views)
  I was wondering what an authentication process would look like on a WebSocket server. I intend to use the JavaScript API for WebSocket. But I would like to have a more restricted and controlled…
- Best way to avoid an attack by image upload? (2 votes, 2 answers, 64 views)
  What's the best way to avoid an image attack? The attacker adds malicious code to the image, uploads it to the server and executes the code as if it were an image. How do I avoid this type of…
- Which is safer, web application or web API? (2 votes, 1 answer, 137 views)
  I have a project where there will be a web API to "communicate" with mobile applications. This one is for queries only. In addition to this, there will be the administration that summarizes the…
- Is it possible to reverse engineer applications in React Native? (2 votes, 1 answer, 424 views)
  I'm working on my TCC (final course project) and I'm researching reverse engineering, and as I work with React, I was wondering if it's possible, having an APK, to get the JavaScript code from it. I know that using apktool and…
  Tags: javascript, security, react-native, reverse-engineering. Asked 6 years, 6 months ago by Raphael Sampaio (21)
2
votes3
answers106
viewsHow to create unmanaged variables?
When a variable is created, a value in memory is allocated to it, which can be accessed by any system on the outside from the address of that memory. Creating a file to store the contents of a…
.net security-guard memory-management garbage-collectorasked 6 years, 6 months ago CypherPotato 9,292 -
- Hacker attack on the site panel (2 votes, 1 answer, 115 views)
  I installed the Wordfence plugin and every day I get a hacker attack report for the wp-admin/site dashboard. I decided to change the admin address with the Protect WP-Admin plugin, like this:…
- Block file download via PHP script (2 votes, 1 answer, 614 views)
  Hi, I'm having trouble with downloads of some files. I suspect that someone on the team is injecting a PHP script that downloads files from the server (such as DB settings in production). I wonder if it…
- Difference between ACL and RBAC access control types? (2 votes, 1 answer, 343 views)
  I would like to know the difference between these two types of access control, ACL and RBAC. I've been reading about them, and I've been a little confused trying to understand them. The following questions…
- What is Mixed Content? And what are "Optionally Blockable Content" and "Blockable Content"? (2 votes, 0 answers, 89 views)
  Although I understand almost nothing about this subject, I was reading about protocols and security certificates, because I saw this Mixed Content alert on a website. Reading about it I came across…
- Is exposing the PRIMARY KEY of an entity considered a serious security problem? (2 votes, 1 answer, 65 views)
  Considering a very basic example: suppose there is a web system in which the user can view their profile (and other users') through a unique identifier passed to a route, for example:…
- What precautions should I take to create a checkout page? (2 votes, 0 answers, 48 views)
  Hello! I am developing an e-commerce site in React.js and doing the integration with PagSeguro and, although it is possible to use their checkout page, I would like to create my own and only send the data…
- How to delete files and folders recursively and safely with Python? (2 votes, 4 answers, 620 views)
  Guys, I'm trying to create a script to delete my files and folders in a safe way, just like shred, srm, etc. do... but I would like to do this with a Python script. I was able to find a…
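What `shred` does is overwrite the file's blocks in place before unlinking it, and a recursive version must also refuse to follow symbolic links so that a link planted inside the tree cannot make the script overwrite a file elsewhere. The example below is added here and is not code from the question or its answers; it is a standard-library implementation of that procedure plus a `demo()` that builds a constructed directory tree under a temporary path, shreds it and reports the outcome. The pass count of 3 is an assumption.

```python
import os
import secrets
import tempfile


def shred_file(path: str, passes: int = 3, chunk: int = 1 << 16) -> None:
    """Overwrite a regular file in place with random bytes, truncate it, rename it
    to a random name and unlink it. Symlinks and special files are refused."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to shred a non-regular file: %r" % path)
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push each pass to the device, not just the page cache
        f.truncate(0)  # hide the original length as well
        f.flush()
        os.fsync(f.fileno())
    directory = os.path.dirname(path) or "."
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)  # the original name should not linger in the directory
    os.unlink(anonymous)


def shred_tree(root: str, passes: int = 3) -> int:
    """Shred every regular file below root bottom-up, remove symlinks without
    following them, then remove the directories. Returns the files shredded."""
    if os.path.islink(root) or not os.path.isdir(root):
        raise ValueError("root must be a real directory")
    shredded = 0
    for dirpath, dirnames, filenames in os.walk(root, topdown=False, followlinks=False):
        for name in filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                os.unlink(p)  # remove the link itself, never its target
            else:
                shred_file(p, passes)
                shredded += 1
        for name in dirnames:
            d = os.path.join(dirpath, name)
            if os.path.islink(d):
                os.unlink(d)  # symlinked directory: drop the link only
            else:
                os.rmdir(d)
    os.rmdir(root)
    return shredded


def demo() -> dict:
    """Constructed tree: two files (one nested) and a symlink to a file outside it."""
    root = tempfile.mkdtemp()
    sub = os.path.join(root, "sub")
    os.mkdir(sub)
    for p in (os.path.join(root, "a.txt"), os.path.join(sub, "b.txt")):
        with open(p, "wb") as f:
            f.write(b"secret " * 100)
    outside = tempfile.NamedTemporaryFile(delete=False)
    outside.write(b"keep me")
    outside.close()
    try:
        os.symlink(outside.name, os.path.join(sub, "link"))
    except (OSError, NotImplementedError):
        pass  # platforms without symlink support just skip that part of the demo
    n = shred_tree(root)
    with open(outside.name, "rb") as f:
        intact = f.read() == b"keep me"
    os.unlink(outside.name)
    return {"shredded": n, "root_exists": os.path.exists(root), "link_target_intact": intact}
```

The caveat that matters more than the pass count: overwriting in place only works when the filesystem writes back to the same blocks. On SSDs (wear levelling), copy-on-write or journaling filesystems, and anywhere snapshots or backups exist, the old bytes can survive the overwrite. For those, full-disk encryption with key destruction, or the drive's own secure-erase command, is the control to rely on; this script is a best effort on top of that, not a substitute.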
- PHP autoload vs. include: is include insecure? (2 votes, 0 answers, 28 views)
  I'm having a problem with a recent job, where I was asked about the security of a site developed in PHP. It suffered several brute-force attacks this last week, and the person responsible for the…
- Why is this C code vulnerable? (2 votes, 0 answers, 57 views)
  I've been doing some code analysis exercises and came across an interesting case. The exercise presents C code with a function and asks what type of attack this code is vulnerable to. I couldn't…