Most voted "security-guard" questions
This tag is used for security-related issues and attacks against the software application.
395 questions
-
1 vote, 1 answer, 291 views
Obfuscate code in Actionscript 3.0 in SWF Flash?
I found this program called Sothink SWF Decompiler reverse engineering in archives .SWF converting them to .FLA, leaving, even, all the programming of the file visible and open to the user. Is there…
-
1 vote, 2 answers, 9591 views
How to avoid SQL Injection in my PHP application?
Explanation: Most applications using PHP, should receive parameters, by $_GET or $_POST and these parameters often become an easy target for users with bad intentions, and this is called SQL…
-
1 vote, 1 answer, 1293 views
How to verify an encrypted password during Login?
When I try to log in: if I use the wrong username and password, only the contents of the header and of footer. if I use the correct username and password, the login does not recognize the user:…
-
1 vote, 1 answer, 296 views
How to make only the webroot folder visible to everyone?
In the Cake documentation, it indicates there you should only have this folder visible to everyone. How can you do that? This protects my application’s code from being tampered with?…
-
1 vote, 1 answer, 63 views
ASP.NET Membership: Framework Exchange 3.5 to 4.5
Can anyone tell me what I can get in "Membership" damage if I change my framework from 3.5 to 4.5? I have doubts if my login system will be intact, IE, if it changes nothing of the user control that…
-
1 vote, 1 answer, 87 views
Memcached + Tomcat authentication
I’m testing the Memcached to implement failover on my Tomcat servers. Is there any way to implement user/password security? Memcached will be on a public IP, so I find it unsafe that he’ll be…
-
1 vote, 2 answers, 10106 views
Change SQL SERVER SA Password with Windows Admin Account
I received a machine with an instance of SQL Server 2008 installed, I can access this instance through SQL Server Management Studio Express with my Windows administrator account but I can’t perform…
-
1 vote, 2 answers, 7643 views
Application Security Change for Medium Trust
I recently uploaded a system I created in Asp.Net using MVC and Entity to the Kinghost web server. On localhost and on my own server it works normally. When trying to access the application on the…
-
1 vote, 0 answers, 1823 views
Mocking the Recaptcha
I have a website made in VB.net and he has a contact form where he has a Google Recaptcha 2 in it and today had a citizen who is able to send messages in this form and going through Recaptcha…
-
1 vote, 1 answer, 510 views
Desktop App + DB Online (Hosting)
Good afternoon, Guys, my question is the following, in my connection of a desktop application with online database: 1st question: What is the best way to stay safe the connection made with the…
-
1 vote, 1 answer, 623 views
How to protect attack site
Recently I was the target of an attack on my site, this attack defaced my server, was uploaded and then ran this script, see: if (isset($_POST['red'])){ system('ln -s / red.txt'); $fvckem…
-
1 vote, 1 answer, 606 views
User control with PHP permissions
Good people took a system developed in PHP with mysql database running and passed me the task of creating user profiles or a tool for the system administrator to put what he wants the user to see,…
-
1 vote, 0 answers, 95 views
See which user created or changed a Linked server
Sirs, How to audit the creation or modification of Linked Servers in SQL Server 2008 or higher? (See who created or changed a Linked server).
-
1 vote, 1 answer, 26 views
Help with Infrastructure
I have a Desktop system that every 1 hour makes a query in the database and generates a file .xml and a system javaWeb who reads that .xml. I developed this solution because the company I work with…
-
1 vote, 0 answers, 31 views
Can we avoid SQL injection with mysqli_real_scape_string only?
Example: $conexao = mysqli_connect("localhost", "user", "password", "my_db"); $pegaNome = $_POST['nome']; function insere($conexao, $pegaNome) { $nome = mysqli_real_scape_string($conexao, $nome);…
-
1 vote, 1 answer, 370 views
Are there security issues when using sessionStorage for data storage?
Is there a problem related to the security of a web system that uses sessionStorage for temporary storage of a user’s data? In practice, the use of sessionStorage is a good practice? In my…
-
1 vote, 1 answer, 311 views
Set cryptographic key fixed
The code below is working perfectly for both encryption and decryption, however, when closing the app and putting the generated code before closing it (I open the encryption app a word and close the…
-
1 vote, 1 answer, 602 views
Encryption of GET and POST request parameters
I am beginner in java and I am studying java web, mainly servlets and JSP. And I need to develop a web application as a college job, focused on security. For this I would like to encrypt the URL’s…
-
1 vote, 0 answers, 50 views
How can an inline style cause security problems?
Working with the Twitter API, I received the following message in the browser when trying to authenticate: Refused to apply inline style because it violates the following Content Security Policy…
-
1 vote, 1 answer, 146 views
Do I need to use session_generate_id on all pages?
Guys I met this function recently, I know it generates another random id for the session, but my question is the following, can I use this function only once in case after logging in, and in the…
-
1 vote, 1 answer, 162 views
Problem trying to transfer files using Apache FTP implementation in Java
I am performing file transfer via FTP using JAVA. I’m using the classes Ftpclient and Ftpserver apache. In a specific environment, sometimes files are not transferred. I call the method…
-
1 vote, 1 answer, 491 views
Tools and tests to improve a system’s security?
Hello, researching a little on the subject of security, I was in doubt if there is a tool that tests the security of a PHP system, trying to apply various forms of invasion in the system. 'Cause I…
-
1 vote, 2 answers, 274 views
Restrictions of AD Groups
I’m currently developing a Webapp where I have already managed to get login to confirm the user credentials in the AD. Basically the login already works correctly. My goal now is to create 1 group…
-
1 vote, 1 answer, 294 views
How to validate a wmsAuthSign hash in php?
I have the following code that creates a hash security for authentication on media servers, would like to know how it could be validated in php itself, media servers should use some logic for this,…
-
1 vote, 2 answers, 317 views
Personalize PHP session cookie
I’m using a Handler customized to save sessions on MongoDB and a custom class to create cookies attribute-ridden SameSite using the function header(), although this specification is not widely…
-
1 vote, 1 answer, 26 views
Security on a web system by checking other open content
I’ve seen some websites that have evidence online with monitoring, capturing which screens the user opened on the computer, be it browser tab or other software, this question can be closed because…
-
1 vote, 0 answers, 77 views
Doubt about access control
I’m looking to make an application Android which achieves CRUD in a database MYSQL. I’ve researched that the way to do this is by using a Webservice. I’m new in this area but I’ve done a simple via…
-
1 vote, 0 answers, 259 views
View-Source + PHP or JS
Hello, I am a new student in this area and would like to know how I copy the view-source code into a textarea, it is only a question for studies and in the future I intend to make a security system…
security-guard, asked 7 years, 8 months ago, DeehLeh 11
-
1 vote, 2 answers, 795 views
Read .CAP files efficiently with Python
I have some .CAP files originated from catching packages with tcpdump. When trying to open with wireshark, the machine gets very slow, because I imagine he tries to load everything to RAM. I would…
-
1 vote, 2 answers, 159 views
Extracting Window and Time values from a network dump
The following network dump (PCAP format file) is the result of capturing a denial of service attack in the laboratory: I would like to extract the time (Unix time) and the window value (win) and…
-
1 vote, 1 answer, 966 views
Show HTML via PHP or not?
In fact, it’s very common to see all the code HTML escaped inside the tags PHP. "For printing large blocks of text, going out of PHP’s interpretation mode is usually more efficient than sending all…
-
1 vote, 0 answers, 179 views
Where to store private key generated in Webservice?
I have the following scenario: (and unfortunately I can’t change anything in the infrastructure, but I can change anything in relation to the code of the Application and the Webservice) An intranet…
-
1 vote, 1 answer, 3969 views
Storage of credit card data in the database
I’m about to incorporate a payment module into my mobile application (I plan to use Moip and in the future Pagseguro). I would like an Uber-style payment system, in which the customer provides his…
-
1 vote, 1 answer, 426 views
Rijndael encoding based on 64 in C#
I’m doing a Rijndael encryption and I imagine I’m close to finishing it, but when I decrypt I’m in error: Invalid length of data to be decrypted. using System.Text; using static Array; class…
-
1 vote, 2 answers, 649 views
Check the form to see if password entered is easy
I want to create a script so that in the registration form I have, check the most used and less secure password. That is, check for example passwords written by users and do not allow logging, such…
-
1 vote, 1 answer, 4088 views
How does the DES algorithm work?
I am in doubt about how the Data Encryption Standard works, someone could explain in a didactic way?
-
1 vote, 0 answers, 30 views
Protect content from php files?
I don’t know if I’m doing it right, but I have a file called Setting.php in my project, but I’m not sure that it is protected because it contains the login information of the Cpanel admin, so if…
-
1 vote, 1 answer, 171 views
Memory and CPU consumption during a denial of service attack. How to understand statistics?
The following line was on the Ubuntu crontab: */2 * * * * echo -e "`date`\n\n`free` \n\n`vmstat`\n" >> /home/hacker/free_vmstat_output.txt Extract from the free_vmstat_output.txt file two…
-
1 vote, 1 answer, 74 views
Getopenfilename() used with user personification
I have a process that requires SYSTEM privileges and for this purpose is launched by a service. When this process executes the function Getopenfilename() to open a select file dialog box, I get an…
-
1 vote, 1 answer, 396 views
Entity Framework vs SQL Injection (security?)
Hello! I’m new to development so excuse me if the question is silly. If it’s thanks link’s with references so I can better inform myself. As much as I understand the concept and the use of SQL…
-
1 vote, 1 answer, 112 views
How to save a private key locally in security?
I am developing an application for Android/iOS mobile devices, in this application the communication with the server is done in encrypted form. The user application, when first started, generates a…
-
1 vote, 0 answers, 249 views
There are anti-ddos in apache? What measures should I take by apache for prevention?
In greater detail: I believe that I am suffering some kind of attack, I suspected and I put an anti ddos, and it has already blocked some addresses, it released me the network and returned to…
-
1 vote, 0 answers, 137 views
password_verify() PHP 5.5.12 Not working
I’m having trouble with password_verify(). A few days ago, the same password and hash worked perfectly. Today, password_verify returns false, but I know the password is correct. $senhaC =…
-
1 vote, 1 answer, 151 views
C++ string protection using Mysql Connector
I made a little program to check my database, and wanted to see if the strings were protected (from the password user and the database) and in the case are not. I decompiled the program using IDA…
-
1 vote, 2 answers, 222 views
What are the character types generated by the password_hash() function?
The output I noticed after some data was encrypted by the function password_hash() is around alphanumeric values and some special characters like $ . and /. There are more special characters than…
-
1 vote, 0 answers, 33 views
password_hash vs performance
One of my biggest concerns when I’m developing an application has always been the performance it would have, especially on shared servers, which most of my clients focus on. Micro-optimizations are…
-
1 vote, 1 answer, 1785 views
Definition of firebase security rules
How can I define a safety rule that: Allow read and write access to recipes if the logged in user is the user who registered it Allow read access to recipes if the tipo for true Do not allow read…
-
1 vote, 2 answers, 300 views
How to Protect the Clickjacking Site
Hello, I scanned my site and found that it is vulnerable to clickjacking type attacks, I saw that a solution would implement the X-Frame-Options HTTP header, my doubt is how to implement it? Would…
-
1 vote, 0 answers, 343 views
CGI is out of use, but what if I want to make a secure web system on an intranet?
I know there are many ways to create a secure web system with technologies like PHP, .NET, etc.; however, these interpreted languages expose the code to curious when the system should be installed…
-
1 vote, 0 answers, 26 views
Data security in a Plumber R api
Friends, I created an api with Plumber for client data transfers, that is, confidential data. In the address of the url goes the ip of my machine. Regarding the security of data traffic and the…