Most voted "security-guard" questions
This tag is used for security related issues and attacks against the software application.
395 questions
-
1 vote, 1 answer, 68 views
Security of a website
I’d like to ask a few questions. My site is protected against SQL Injection attacks because I am using Mysqli with bind in addition to external scripts against this problem protection. And the HTTPS…
-
1 vote, 1 answer, 2145 views
How does bcrypt work?
I don’t quite understand the workings of salt of bcrypt, in a javascript code (Node): const bcrypt = require('bcrypt'); const saltRounds = 10; async function init(plainPassword) { let salt = await…
-
1 vote, 1 answer, 156 views
Classification of network attack data (attack or no attack)
I’m using the dataset: https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/ The goal is to classify a sample as attack or no attack. A good idea would be to use…
-
1 vote, 2 answers, 69 views
Capture traffic with Wireshark
I am trying to monitor an external connection to my server (on the same network of my machine) but in wireshark only shows the traffic of my machine, I am using the local interface with promiscuous…
-
1 vote, 1 answer, 371 views
Protection of sensitive data in your database
What is the most appropriate way to protect sensitive data such as: CPF, credit card number, cvv, expiration date, etc. I have never had to store this kind of data in my applications, because I use…
-
1 vote, 1 answer, 170 views
POST disabled in JBOSS EAP 7
I implemented a service with JAX-RS that features GET and POST operations: @Path("/funcionario") @Singleton public class FuncionarioService { private List<Funcionario> funcionarios = new…
-
1 vote, 1 answer, 50 views
Bind amounts in PHP and other languages
Safety and performance is extremely important for any application, so some techniques are used for development. One of them is the bind to perform any type of query in your database. When you do it…
-
1 vote, 1 answer, 915 views
How to request via c#? Webrequest vs Httpclient
I have a project in .NET Framework 4.6.1, and in my research I concluded that I can use the class Webrequest to request other web services via backend. I wish I could make requests using any http…
-
1 vote, 1 answer, 199 views
Login Security with PHP and AJAX safely targeting
Recently I had to make a login system with access levels, but when directing the user to a given page hit me a question regarding the security of the code. Ignore the validations, I will show only…
-
1 vote, 0 answers, 92 views
How to generate a nonce with mod unique_id for Content Security Policy?
I’m trying to generate a nonce to the CSP, I have already enabled the mod unique_id of the Apache, and .htaccess is already generating correctly. Header set Content-Security-Policy-Report-Only…
-
1 vote, 1 answer, 393 views
What is the advantage of using a Refresh Token instead of just the Access Token?
I understand the difference between Access Token and Refresh Token, there already exists a question about it here at Sopt. I also saw Soen issues involving the use of Refresh Token. Amid spend a…
-
1 vote, 0 answers, 49 views
API access control using Flask JWT Extended
Hello. I am working on an API (Flask/Python) that should receive requests from an application (React-Native) and a Webapp (Flask/Python). For some requests you will need the login control. I am…
-
1 vote, 1 answer, 39 views
How to hide personal data on the front end
When we want to hide some personal data in the back end we use the file .env, and then retrieves this information using process.env.[KEY_NAME], but that only works in the back end because as the…
-
1 vote, 1 answer, 40 views
Is it possible to customize the native browser permissions dialog?
Can anyone tell me how I can (if it is possible) manipulate via JS the authorization notification to activate the client browser microphone? My goal is not to access without the user’s permission…
-
0 votes, 4 answers, 6839 views
Block pages using login and Session
I’m developing a website that has an administrative panel. That panel has a login, my problem is that I can enter the panel through the link, that is to say, it is not safe, anyone is able to enter…
-
0 votes, 3 answers, 1532 views
Session is not being destroyed with session_destroy()?
I immediately in my session, created a logout.php page to destroy the session. So far so good I can scroll down but when I click the back button of the browser I log back in. As I destroy the…
-
0 votes, 1 answer, 371 views
I can run any query on SQL Server without passing credentials, is that normal?
I was looking to restart the SQL Server service, that’s when I discovered a way to manipulate the database without logging into the system. See: I opened Management Studio. I canceled the…
-
0 votes, 2 answers, 91 views
Secure authentication between different systems
My scenario is the following: A php system authenticates the user and should call my application (Java) stating which user this is. My application does not authenticate this user, it only receives…
-
0 votes, 2 answers, 160 views
Protecting the php code
I’m creating a system that encrypts some data and saves it in the database. Suppose this encryption is md5 and happens in the directory meusite.com.br/controller.php. How do I prevent someone…
-
0 votes, 1 answer, 124 views
Doubt replace javascript function
Anyone can explain to me what these parameters mean within the function replace (/</g) , (http:\/\/\S+)/g function escape(s) { var text = s.replace(/</g, '<').replace('"',…
-
0 votes, 1 answer, 130 views
Are additional measures to prevent SQL injection attacks really necessary?
I was taking a look at some projects on the internet that involve security and came across the following code. All requests to the site were redirected to index.php for mod_rewrite, the connection…
-
0 votes, 0 answers, 57 views
Email and password visibility after Submit (Facebook)
I have a question about passwords. I decided to do an "experiment" to see the security of data sent by forms, and even using security protocol I noticed that it is literally possible READ AND SEE…
-
0 votes, 1 answer, 63 views
I want example of why replacing ' with '' and for parameters of a query is dangerous
I see many posts on this subject, but I do not see any example that has fit for this my case. function sanitize($value) { $val = str_replace("'", "''", $value); $val = str_replace("\\", "\\\\",…
-
0 votes, 0 answers, 36 views
To replace Extract, huh?
Analyzing an application with the RIPS tool, I found that the main menu part uses these functions below and is extremely vulnerable: extract( $_POST ); extract( $_GET ); extract( $_SESSION ); Which…
-
0 votes, 2 answers, 1151 views
Vulnerability in my system "forgot password"
I created a system in case the user forgets the password, but I have doubts about one thing... HTML+PHP System <html> <head> <link rel="icon" href="favicon-16.png" sizes="16x16">…
-
0 votes, 0 answers, 47 views
C library with auto checksum
I’m creating a library/library for Android in C, and I’d like to know how to get it to display its own checksum, so, should you suffer any "alteration" once compiled, the checksum change.…
-
0 votes, 0 answers, 46 views
Security when entering data into the database
Next, I have a contact form on one page, and I would like it to only work within the page itself, and not for third parties to be able to submit POST requests for malicious programs or ETC,…
-
0 votes, 2 answers, 117 views
Should I validate data in javascript and php?
I have a file that sends some data to another page with ajax. These data are mostly numbers, and are not stored anywhere. Just picked up some data on inputs and send to the archive php with ajax,…
-
0 votes, 2 answers, 922 views
Secure connection to the database
I was told that this connection mode is not safe, but I did not understand very well why it is not. <?php $conecta = mysql_connect("HOST", "LOGIN", "SENHA") or print (mysql_error()); print…
-
0 votes, 0 answers, 33 views
HTTPS Only on client
Hello. I’m starting now on WEB programming, and I came across a question before the website I’m developing aired. As you all know, safety is essential and extremely important for any system. My system…
web-application security-guard server-client https client-side
asked 8 years, 1 month ago henrique romao 173
-
0 votes, 1 answer, 1682 views
Can you "hide" the password that goes in mysqli_connect?
$server = exemplo.com; $user = root; $senha = 123; $conexao = msqli_connect($server, $user, $senha); I know the php page is not visible to the user, but nowadays, you cannot underestimate Cracker.…
-
0 votes, 1 answer, 56 views
Joomla with security problems in the GSC
We have a site in Joomla, on Google it started to appear with insurance, we Google security problems with strange Urls. We have seen that Google encounters problems with pages of this type:…
-
0 votes, 1 answer, 106 views
Encrypt critical data in the database
Thinking about security, and minimizing the problems in case someone disabled can have remote access to the database server, I thought to encrypt the critical data. Critical data examples (defined…
-
0 votes, 1 answer, 89 views
Is it possible to change values on the screen and send to the server?
I work in an Asp.Net application where some values like order price and products are collected from the form. The final order total is made over the sums of the values that come from the form, from…
-
0 votes, 0 answers, 38 views
Which is safer PDO or mysqli_*?
I was reading and I saw that many say, PDO merely simulates the prepared statements and consider a disadvantage, I wonder then... Which is safer? Or which is more susceptible to SQL Injection or any…
-
0 votes, 1 answer, 164 views
Why is there so much talk about security in targeted programming?
I program in C and now I decided to explore the world of OOP through the C# language. I see that many people talk about security and this is precisely my doubt, when programming I see that the…
-
0 votes, 1 answer, 98 views
Run firebase on a single domain
I’m learning to work with firebase recently. I made a simple example removing user authentication to chat. That way I need to implement some kind of security, so I have two questions regarding the…
-
0 votes, 1 answer, 977 views
Upload validated files by php
I have a script simple of upload of files by PHP. This upload moves the files, which should be images, to a folder. I can only accept images jpg, png and gif. I just realized that there are images…
-
0 votes, 0 answers, 136 views
Archive .htaccess being rewritten in Wordpress
The site has been presenting the error for some time: Your PHP installation appears to be Missing the Mysql Extension which is required by Wordpress. I checked with the hosting server and we noticed…
-
0 votes, 2 answers, 212 views
Permissions management using Active Directory
I am developing an ASP.NET C# application and at the moment I am at the login point which is almost finished. I’m using <authentication mode="Windows"></authentication> and a code that…
c# asp.net security-guard authentication active-directory
asked 7 years, 10 months ago Andre Brandao 109
-
0 votes, 1 answer, 214 views
What is the best and safest way to identify a device in the webservice?
I am developing an APP (currently only Android - pure Java), it consumed a webservice made in PHP (using the mini Framework Silex). As we know today we have to protect everything to the fullest, so…
-
0 votes, 2 answers, 122 views
How to safely store AWS credentials in a Java application?
I have a Java Desktop application that is distributed to customers. I need, from now on, send data from this application to Amazon S3. For this you need to set the credentials AWS (accessKeyId and…
-
0 votes, 1 answer, 900 views
Security in PHP BD Access
I’m setting up a website, and I’m not sure how to secure my database. I currently have a "Security" folder with the file connection.php who connects with the comic book. I give a include in this…
-
0 votes, 1 answer, 432 views
Hide password from database
Good Afternoon, I have some websites whose database password, I store in a connection string, on the web.config. Any programmer who has access to hosting ftp, can read the web.config file and view…
-
0 votes, 1 answer, 36 views
What class is similar to Aescryptoserviceprovider in .NET Core?
I am migrating an application to .NET Core and need to use the AesCryptoServiceProvider, that worked perfectly in other versions of .NET Framework. But when using on .NET Core Visual Studio warns…
-
0 votes, 1 answer, 266 views
How to remove photos from public folder or protect to not be accessed by URL using Intervention image with Laravel?
I am using the image Intervention is this all working, my doubt and I would like to remove the saved photos from the public folder not to be accessed by the URL or protect the access by the URL for…
-
0 votes, 1 answer, 56 views
Data Security/Access in Visual Studio Team Services (VSTS)
I have access to Visual Studio Team Services (www.meudominio.visualstudio.com) and at first I use only the application as security Microsoft Authenticator, that is to say, two-step verification of…
visual-studio security-guard microsoft visual-studio-online
asked 7 years, 4 months ago Augusto Formentão 82
-
0 votes, 3 answers, 141 views
Which HTML attribute cannot be modified?
Using PHP I display a table, in id of each li, I put the id of the record that is in the database. Once they displayed, I have an option that deletes the record, I do it through AJAX, caught the id…
-
0 votes, 1 answer, 214 views
Mysql connection security using PDO, am I doing right?
It is safe to connect with Mysql only using the following form below? <?php function conectar() { $server = "localhost"; $dbname = "banco"; $dbuser = "usuario"; $dbpass = "senha"; try { $con =…
-
0 votes, 0 answers, 216 views
Bruteforce login lock in php
I have a system with captcha on my site to try to block this login, but it is very inconvenient because the user needs to do it every time they log in, so how to show captcha after N login attempts?…