This tag is used for topics relating to application security and attacks against software. If your question is not about a specific programming problem, please consider instead asking it at Security.SE: http://security.stackexchange.com


0 votes | 0 answers | 3 views

Apache httpd: disable directory browsing

I have configured Apache by adding Options -Indexes to disable directory browsing, but how can I access resources from the website? In my HTML file (website on host1) there is an image taken from another server ...
0 votes | 1 answer | 14 views

Security of rand in ruby compared to other methods

What's the security difference between rand(10**100).to_s(16) # => "a8ef61cbac3b770580cdebb55c1d2cf65cf32b5df57ef44a3bea4658ff66ac37f93b540bfb4c2ddc33e" and RandomSecure and all the others? Is ...
0 votes | 2 answers | 22 views

How to safely store users' credentials to third party websites when no authentication API exists?

I am developing a web app which depends on data from one or more third party websites. The websites do not provide any kind of authentication API, and so I am using unofficial APIs to retrieve the ...
0 votes | 0 answers | 9 views

Android security: my app gets the serial number of the device

In my app I want to prevent a user from sending my app to another phone. My idea is to check the serial number of the device, and for every user I sell my app to, I will give him an app that opens on his device with his ...
0 votes | 0 answers | 26 views

URL injection in PHP?

I'm managing a site written using PHP, and I recently got an alert from google about URL injection/spam links. I uploaded clean versions of the files and changed all passwords. I can't figure out why ...
0 votes | 2 answers | 28 views

Do pre-processor directives protect server code from the client?

I'm developing a client-server library. Some of the classes can be used by either the client or the server but are executed differently and yield slightly different results for each. As well, the ...
0 votes | 0 answers | 5 views

Which is the best way to secure a RESTful WCF service to be consumed by an ASP.NET web site?

Apart from using HTTPS as a security layer, which is the best, most recent way to get a good security level on RESTful WCF calls? Thanks!
3 votes | 1 answer | 17 views

How to securely encrypt secrets over Github Webhooks?

I have a service running on a server that updates and restarts itself whenever I push new code to the repository using Github Webhooks. It has access to a bunch of databases, and the credentials for ...
2 votes | 0 answers | 23 views

Securing JS client-side SDKs

I'm working on a React-Redux web-app which integrates with AWS Cognito for user authentication/data storage and with the Shopify API so users can buy items through our site. With both SDKs (Cognito, ...
0 votes | 0 answers | 4 views

Not able to set the encryption type for the Kerberos ticket-granting ticket

I have done the configuration as follows: set up an AD DC on Windows Server 2012 R2; created a domain user and did not check the options "This account supports Kerberos AES 128 bit encryption", "This ...
0 votes | 0 answers | 4 views

How to securely connect to my MongoDB replicaset?

I have a MongoDB replica set that recently got hacked and hackers deleted my database. I don't want this to happen again. What I would like is, only a handful of programs like my MongoDB replica set ...
0 votes | 2 answers | 18 views

How can I display a warning to users who open the Chrome console, like Facebook and Blockchain do?

When I open the console on some sites like Facebook and Blockchain, I get a warning like the one below. I was wondering how I can do that on my site: display a warning telling the user it's dangerous ...
-1 votes | 0 answers | 19 views

Spring security - whitelist IP range

A lot of resources and stackoverflow questions that I've viewed provide answers to using .xml files: IP filter using Spring Security http://websystique.com/spring-security/spring-security-4-method-...
0 votes | 0 answers | 18 views

How to protect a file while still allowing file_put_contents to append it?

Let's assume you have a blog with user registration and for various reasons you decide to keep some of the less important user information in a file. You use file_put_contents to create and then ...
0 votes | 1 answer | 9 views

Where is the ASP.NET Core source code for the EphemeralKeyRing class?

Was EphemeralKeyRing omitted from GitHub for security reasons? This one is a brain teaser. I've spent quite a bit of time lately reading and absorbing the hierarchy of classes that relate to asp....
0 votes | 0 answers | 15 views

Is it possible to get the root password of a CentOS server if you have MongoDB server access?

Our MongoDB server was recently hacked, and the attackers left a bitcoin address behind so that we can pay them. Obviously, we won't pay them. They erased all our data, but we are still in ...
0 votes | 0 answers | 16 views

How does a CORS filter protect me from XSS attacks?

I have the following implementation of a CORS filter: @Singleton @Provider public class CORSFilter implements ContainerResponseFilter { @Override public void filter(ContainerRequestContext ...
0 votes | 0 answers | 7 views

Migrating from JBoss 6 to 7, republish now expires user sessions?

We recently migrated a project from JBoss 6.1 to 7.0 with only minor modifications. Currently, our team uses Eclipse with the Red Hat JBoss extension to manage the server. The project is configured ...
1 vote | 0 answers | 9 views

How can I query the MSMQ “Message Queuing” security settings?

I'm looking to write a PowerShell script to verify the security configuration of MSMQ on some of our servers, e.g. the contents of the Security tab when I run compmgmt.msc, then go to Computer ...
0 votes | 1 answer | 12 views

Restrict git / code access to front-end developer

I want to add a front-end developer to my project, but don't want to give full access to my bitbucket repository as I want this person to only work on front-end related code (TWIG template engine, ...
0 votes | 1 answer | 21 views

Symfony 2 access_control redirection with params

Is there some way to redirect to the login page with a message using Symfony 2 access_control? I need the current role, but only one exception in a sub-route. I want to create some session bag message without ...
0 votes | 0 answers | 18 views

Sending sensitive data to PHP server via jQuery Ajax

I know that the problem is quite common, and I googled around a bit and reviewed Stack's forum, but I would like to make sure I understand this issue correctly. The problem: I would like to create a ...
-1 votes | 0 answers | 9 views

How to stop a Local File Inclusion attack

I use an Apache 2.4 server, AngularJS and Spring in my web application. How can I stop Local File Inclusion attacks in my web application?
-1 votes | 0 answers | 32 views

Encrypted QR code and key size

So we're doing a project about an attendance system. The idea is that we have encrypted data in a QR code that will be sent to a server to be extracted and then decrypted using a key stored in a ...
0 votes | 0 answers | 8 views

Handle user login from an app to a website

I have an app and a web site that both can be logged into with the same login details. We have a web view in the app that needs to show a page from the web portal. Ideally management don't want to ...
2 votes | 0 answers | 21 views

Dealing with URL phishing attempts

Been looking at the usage statistics for my website, and I keep seeing tons of attempts to access WordPress, Joomla, blogs, feeds, asp files, etc. The funny part is I do not have any of that stuff on ...
2 votes | 2 answers | 51 views

I found this strange code in the root directory. Does it mean my website was hacked?

I am sorry to ask a silly question, but I am not able to figure this out. I found a PHP file in my root directory with strange code. I know a little bit of PHP, but this is very strange code inside the PHP ...
0 votes | 0 answers | 30 views

Is this a practical method for securing a Mobile API?

I'm building a mobile API & library for logging analytics and have been exploring different methods of securing the API to prevent unwanted 3rd parties from logging data or intercepting user data. ...
0 votes | 0 answers | 14 views

ClientMessageInspector add BinarySecurityToken and Signature

I'm trying to consume a Java web service using C# in a desktop application. My first attempt was using WebServicesClientProtocol, but I'm not able to add the necessary attribute that is required by WSSE ...
0 votes | 1 answer | 20 views

How to set size and amount of log files (stdout, stderr) in tomcat?

I recently deployed a Java app on my production server, on which I have installed Tomcat version 8.5, and I have been having problems since the log files stderr and stdout grow in size excessively ...
-1 votes | 0 answers | 16 views

Device Fingerprinting Prevention [on hold]

I am trying to find a way to bypass the device fingerprinting without doing fresh installs of Windows or altering plugins, fonts and so on. I am wondering if device fingerprinting can be bypassed ...
-1 votes | 0 answers | 24 views

Encryption of a string using symmetric key crypto protected by passphrase [on hold]

I have been searching for a secure method of encrypting a given string using strong symmetric crypto in PHP. The catch being it must only be decryptable with some passphrase. I have checked out OpenSSL but ...
-1 votes | 1 answer | 23 views

What's the potential risk to my local network if I set port forwarding for Raspberry Pi [on hold]

I recently set up my RPi just for learning Linux, Python and some basic electric circuits for small projects. Sometimes I need to access my system through the internet, so I set the port forwarding function ...
0 votes | 0 answers | 9 views

Prevent UIWebView Cross-Site Scripting - iOS

In my app, I've used UIWebView in many places, and for security I was advised not to cache any data. I've used the code below to clear the cache [[NSURLCache sharedURLCache] ...
0 votes | 0 answers | 11 views

How does the Xposed Framework hook methods in Android?

I am going through the Xposed framework in Android. Specifically, I am reading the blog http://d3adend.org/blog/?p=589 for potential countermeasures and have a couple of questions along those lines. So when we hook a ...
0 votes | 0 answers | 32 views

SSH packet sniffing from my router with Scapy

I want to sniff SSH connections to any PC on my network. I have Scapy on my router and I would like to get a sniff result whenever someone connects to any of the PCs in my network using SSH. This is what I ...
0 votes | 0 answers | 11 views

How to control access to a WebSocket server?

I recently began using WebSockets and I noticed that anyone with the link could start listening to my WebSocket server, and I don't want that. I want to allow only my application users to use the ...
2 votes | 1 answer | 30 views

Make sure a request is sent from the original software?

I'm currently making an open source browser extension that will send requests to my site. This can easily be done with Ajax, a request will be sent to the page action.php. My site will use PHP, well ...
1 vote | 0 answers | 13 views

Fix Fragment Injection vulnerability in Xamarin Android

As you know from Android Developers: Beginning March 1, 2017, Google Play will block publishing of any new apps or updates where PreferenceActivity classes may be vulnerable to Fragment Injection. In ...
0 votes | 0 answers | 5 views

Datatrans security for addresses

I'm building a payment integration for Datatrans. The goal is being able to get an authorisation token. I'm sending to upStart.jsp the merchantId, amount, currency and the reference number, all of ...
-3 votes | 0 answers | 16 views

Is 'Cipher' the best encryption and decryption on PHP? [on hold]

I'm new to PHP and I wonder if this encryption/decryption method is good for security; if not, can you guys tell me which one is the best for it? /** * Cipher * * Simple mcrypt interface. * * ...
0 votes | 1 answer | 30 views

Encryption of database data

Now I know this question has been asked many, many times regarding where to do encryption, what to encrypt and what to encrypt with. Anyway, when it comes to encryption of data within the database I ...
1 vote | 1 answer | 29 views

Hide a library's source code

I am developing an Android library and I want to hide its code. I am using other libraries, and for some of them, when trying to access their code with Android Studio, you only get the list of methods ...
-1 votes | 1 answer | 31 views

Can pass login page with wrong password/username in AngularJS

If I type the username or password wrong once and manually change the URL to my home GUI, I get access to it without any authentication. I can't explain why :/ This is my app.js, where all the routing ...
1 vote | 0 answers | 39 views

How to check if “verify app” is enabled or disabled programmatically

I have a security requirement to alert users on app launch if Google's "verify app" is disabled. The problem is that I don't know any way to check whether "verify app" is disabled or not. I tried to use ...
0 votes | 0 answers | 29 views

TLS over Core Bluetooth

I need to talk to a peripheral via Bluetooth. A device for which we also control the firmware. We have been asked to secure the data that is transmitted between the central (iOS device) and the ...
1 vote | 1 answer | 29 views

Security of an SSH key generated in GitKraken

I have a question regarding the security of an SSH key generated in GitKraken. Until now, I've been using an SSH key generated with PuTTYgen and a local SSH agent (Pageant). It works well and I like the fact ...
0 votes | 2 answers | 29 views

Prevent XSS attacks in WCF calls

I have a WCF service which has basicHttp endpoints exposed. The issue reported in pen testing is that the service accepts strings containing script tags and returns the strings with the script tag, which when ...
1 vote | 0 answers | 16 views

Recommendation on authorization flow

I have a simple web application created using ASP.NET MVC. The web app allows users to register using OpenID, and then a corresponding record is saved in the DB representing that user. Now, I am ...
1 vote | 0 answers | 15 views

How to solve this 'SendMail Mail Relay Vulnerability'

I have used OpenVAS to scan for vulnerabilities in my server. I got this SendMail Mail Relay Vulnerability, but I don't know how to resolve it. Could you please give a hint on how to resolve this?