Gang Of Coders
All Security Solutions on Gang of Coders
Total of 443 Security Solutions
The definitive guide to form-based website authentication
Forms
Http
Security
Authentication
Language Agnostic
Why does Google prepend while(1); to their JSON responses?
Javascript
Json
Ajax
Security
How should I ethically approach user password storage for later plaintext retrieval?
Security
Password Encryption
Password Storage
Practical non-image based CAPTCHA approaches?
Security
Language Agnostic
Captcha
Is "double hashing" a password less secure than just hashing it once?
Security
Hash
Passwords
Cryptography
Password Hash
What reasons are there NOT to use OpenID?
Security
Web Applications
Openid
What encryption algorithm is best for encrypting cookies?
Php
Security
Cookies
Encryption
Remember Me
What's the advantage of scrypt over bcrypt?
Security
Bcrypt
How can a virus exist in an image?
Image
Security
Virus
Is CSRF possible with PUT or DELETE methods?
Security
Csrf
Node.js Express Framework Security Issues
Security
node.js
Express
Single Sign-On in Microservice Architecture
Security
Cloud
Single Sign-On
Microservices
Paas
Encrypted and secure docker containers
Python
Security
Encryption
Docker
Sql Server 2005 how to change dbo login name
Sql Server
Sql Server-2005
Security
Active Directory
Cross Domain Login - How to log a user in automatically when transferred from one domain to another
Security
Authentication
Dns
Single Sign-On
How can I protect myself from a zip bomb?
Java
Python
Security
Compression
Zip
How do I implement salt into my login for passwords?
Security
Hash
Password Protection
Salt
Somebody is storing credit card data - how are they doing it?
Security
Encryption
Credit Card
What are all the user accounts for IIS/ASP.NET and how do they differ?
asp.net
Security
Iis
User Accounts
Which functions in the C standard library commonly encourage bad practice?
C
Security
C99
Standard Library
Which of sprintf/snprintf is more secure?
C
Security
Unix
Printf
Secure Coding
What are good ways to prevent SQL injection?
C#
Sql
Security
Sql Injection
Is the behavior behind the Shellshock vulnerability in Bash documented or at all intentional?
Bash
Function
Security
Environment Variables
Shellshock Bash-Bug
AWS Lambda: How to store secret to external API?
node.js
Security
Amazon Web-Services
Aws Lambda
How to give non-root user in Docker container access to a volume mounted on the host
Security
Docker
SecurityException: not allowed to perform OP_READ_PHONE_STATE
Android
Security
Android Permissions
Android 6.0-Marshmallow
Log4j vulnerability - Is Log4j 1.2.17 vulnerable (was unable to find any JNDI code in source)?
Java
Security
Log4j
Log4j2
Exploit
Is it worth encrypting email addresses in the database?
Security
Email
Encryption
Storing Documents as Blobs in a Database - Any disadvantages?
Performance
Security
Document
Blob
Document Management
How secure would github hosting be for private repositories?
Git
Security
Github
Version Control
Where is the PEM file format specified?
Security
Openssl
Cryptography
Certificate
How To Secure Web Service Without Login
Ios
Web Services
Security
Why is it good save to save sessions in the database?
Php
Performance
Codeigniter
Session
Security
How to Create Secure(TLS/SSL) Websocket Server
node.js
Web Services
Security
Ssl
Websocket
How are the IV and authentication tag handled for "AES/GCM/NoPadding"?
Java
Security
Encryption
Cryptography
Aes Gcm
Default SecurityProtocol in .NET 4.5
.Net
Security
Ssl
Can a username and password be sent safely over HTTPS via URL parameters?
Security
Authentication
Https
Create an ActiveRecord database table with no :id column?
Mysql
Ruby on-Rails
Ruby
Security
Activerecord
What is the best "forgot my password" method?
Security
Md5
Application Design
Forgot Password
File containing its own checksum
Security
Checksum
Data Integrity
How safe are PHP session variables?
Php
Security
How to make Authorize attribute return custom 403 error page instead of redirecting to the Logon page
C#
.Net
asp.net Mvc
Security
Authorization
Is strip_tags() vulnerable to scripting attacks?
Php
Html
Security
Xss
Strip Tags
Is either GET or POST more secure than the other?
Html
Http
Security
Post
Get
Simple caret (^) at end of Windows batch file consumes all memory
Windows
Security
Batch File
Cmd
CORS - localhost as allowed origin in production
Rest
Security
Http
Webserver
Cors
Are Google Cloud Functions protected from DDoS attacks?
Security
Google Cloud-Platform
Google Cloud-Functions
What common web exploits should I know about?
Security
Testing
Preventing Brute Force Logins on Websites
Security
Login
Brute Force
Secure cookies and mixed https/http site usage
Session
Cookies
Https
Security
Secure hash and salt for PHP passwords
Php
Security
Passwords
Hash
Protection
How can I sanitize user input with PHP?
Php
Security
Xss
Sql Injection
User Input
"Keep Me Logged In" - the best approach
Php
Security
Session
Remember Me
How can I safely set the user principal in a custom WebAPI HttpMessageHandler?
asp.net
.Net
asp.net Mvc
Security
asp.net Web-Api
Laravel: What is "remember_token" in the "users" DB table?
Laravel
Security
Authentication
Token
Using API keys in a react app
Reactjs
Security
Api Key
Found 4 vulnerabilities on npm install
Reactjs
Security
React Native
Npm
Why restrict the length of a password?
Database
Security
Web Applications
Passwords
How do I create a Java sandbox?
Java
Security
Plugins
Sandbox
Today's XSS onmouseover exploit on twitter.com
Javascript
Jquery
Security
Twitter
Xss
Are secret URLs truly secure?
Security
Url
Mysqldump launched by cron and password security
Mysql
Security
Mysqldump
Is it safe to use $.support.cors = true; in jQuery?
Jquery
Xss
Security
Permission denied at hdfs
Shell
Security
Hadoop
Permissions
Hdfs
How to pin the Public key of a certificate on iOS
Iphone
Ios
Ipad
Security
Ssl
Where do you store your salt strings?
Security
Authentication
Hash
Cryptography
Salt
How to sanitize user input in PHP before mailing?
Php
Security
Email
Sanitize
Why is Chrome reporting a secure / non secure warning when no other browsers aren't?
Security
Google Chrome
In .NET/C# test if process has administrative privileges
C#
.Net
Windows
Security
HTML5 localStorage security
Html
Security
Node.js hashing of passwords
node.js
Security
Cryptography
Passwords
Password Hash
How do I log in to AWS Console with an IAM user account?
Security
Authentication
Amazon Web-Services
Amazon Iam
What is really a Principal in .NET?
C#
.Net
Security
How Do You Secure database.yml?
Ruby on-Rails
Security
Deployment
Requested registry access is not allowed
C#
.Net
Security
Uac
Registry
What is md5() for?
Php
Security
Passwords
Create a mutable java.lang.String
Java
String
Security
Authenticating requests from mobile (iPhone) app to ASP.Net Web API (Feedback requested on my design)
Iphone
Security
Authentication
asp.net Web-Api
Token
Disable copy paste in HTML input fields?
Javascript
Html
Security
Passwords
Copy Paste
Buffer overflow works in gdb but not without it
C
Security
Buffer Overflow
Fortify Source
Memory Safety
How does the SQL injection from the "Bobby Tables" XKCD comic work?
Security
Validation
Sql Injection
Exploitable PHP functions
Php
Security
Grep
How are ssl certificates verified?
Algorithm
Security
Ssl
Certificate
Removing the remembered login and password list in SQL Server Management Studio
Sql Server
Security
Login
Ssms
How do I create a self-signed certificate for code signing on Windows?
Security
Code Signing
Best practices when running Node.js with port 80 (Ubuntu / Linode)
Linux
node.js
Security
Web Applications
Configuration
What is a retpoline and how does it work?
Security
Assembly
X86
Cpu Architecture
Spectre
Simplest two-way encryption using PHP
Php
Security
Encryption
Cryptography
Encryption Symmetric
How do you Encrypt and Decrypt a PHP String?
Php
Security
Encryption
Cryptography
Encryption Symmetric
Payment Processors - What do I need to know if I want to accept credit cards on my website?
Security
E Commerce
Pci Dss
What is the best practice for dealing with passwords in git repositories?
Git
Bash
Security
Github
Passwords
Where to store JWT in browser? How to protect against CSRF?
Security
Authentication
Cookies
Csrf
Jwt
Will web browsers cache content over https
Security
Https
Is SecureString ever practical in a C# application?
C#
Security
How to retrieve a file from a server via SFTP?
Java
Ftp
Sftp
Security
JWT refresh token flow
Security
Authentication
Oauth 2.0
Jwt
How to reset Jenkins security settings from the command line?
Linux
Security
Jenkins
Command Line
SHA512 vs. Blowfish and Bcrypt
Security
Encryption
Passwords
Hash
What is the difference between a cer, pvk, and pfx file?
Security
Public Key
Why do people put code like "throw 1; <dont be evil>" and "for(;;);" in front of json responses?
Javascript
Ajax
Security
Json
What's the purpose of Django setting ‘SECRET_KEY’?
Python
Django
Security
Encryption
Generating a random password in php
Php
Security
Random
Passwords
Difference between java.util.Random and java.security.SecureRandom
Java
Random
Cryptography
Security
What is the best way to stop people hacking the PHP-based highscore table of a Flash game
Php
Actionscript 3
Security
Actionscript
Actionscript 2
How can prepared statements protect from SQL injection attacks?
Sql
Security
Sql Injection
Prepared Statement
Docker and securing passwords
Security
Build
Docker
Fastest hash for non-cryptographic uses?
Php
Database
Security
Hash
JavaScript: client-side vs. server-side validation
Javascript
Security
Validation
What is the meaning and difference between subject, user and principal?
Java
Spring Security
Terminology
Security
Why is char[] preferred over String for passwords?
Java
String
Security
Passwords
Char
SSO with CAS or OAuth?
Security
Oauth
Single Sign-On
Cas
ASP.NET Identity's default Password Hasher - How does it work and is it secure?
C#
asp.net
Security
Passwords
asp.net Identity
How to remove ASP.Net MVC Default HTTP Headers?
asp.net Mvc
Security
Http Headers
Best Practices for securing a REST API / web service
Wcf
Security
Rest
Authorization
Rest Security
How do I turn off Oracle password expiration?
Oracle
Security
How serious is this new ASP.NET security vulnerability and how can I workaround it?
asp.net
.Net
Security
Padding Oracle-Attack
AngularJS changes URLs to "unsafe:" in extension page
Javascript
Angularjs
Security
Google Chrome-Extension
PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the man pages correctly?
Php
Apache
Security
Owasp
Should I impose a maximum length on passwords?
Security
Encryption
Passwords
How to avoid reverse engineering of an APK file
Android
Security
Proguard
Reverse Engineering
Can local storage ever be considered secure?
Html
Security
Local Storage
Html5 Appcache
When would I need a SecureString in .NET?
.Net
Security
Encryption
In what cases will HTTP_REFERER be empty
Security
Http Headers
Cross Domain
Http Referer
Referrer Policy
Secure Web Services: REST over HTTPS vs SOAP + WS-Security. Which is better?
Web Services
Security
Rest
Soap
How to convert SecureString to System.String?
C#
.Net
Security
Encryption
How to deal with a slow SecureRandom generator?
Java
Performance
Security
Random
Entropy
Convert .pfx to .cer
Security
Certificate
Pfx
Two-way encryption: I need to store passwords that can be retrieved
Php
Security
Encryption
Passwords
Has reCaptcha been cracked / hacked / OCR'd / defeated / broken?
Security
Captcha
Ocr
Recaptcha
Why Does OAuth v2 Have Both Access and Refresh Tokens?
Security
Oauth 2.0
Oauth
Access Token
Refresh Token
How can I store my users' passwords safely?
Php
Security
Passwords
Salt
Password Hash
Cross Domain Form POSTing
Html
Security
Http
Csrf
Same Origin-Policy
Spring Test & Security: How to mock authentication?
Spring
Security
Model View-Controller
Testing
Junit
Best Practices: Salting & peppering passwords?
Security
Hash
Passwords
Salt
Password Hash
Exposing database IDs - security risk?
Database
Security
Unit testing with Spring Security
Java
Security
Unit Testing
Spring
Spring Security
Best way for a 'forgot password' implementation?
Security
Authentication
Passwords
Forgot Password
.NET obfuscation tools/strategy
.Net
Security
Obfuscation
What is the App_Data folder used for in Visual Studio?
asp.net
.Net
Visual Studio
Security
App Data
SQL injection that gets around mysql_real_escape_string()
Php
Mysql
Sql
Security
Sql Injection
Obscure a UITextField password
Ios
Swift
Iphone
Security
Ipad
What does it mean when they say React is XSS protected?
Reactjs
Security
Xss
How to allow http content within an iframe on a https site
Html
Security
Http
Iframe
Https
How to prevent Screen Capture in Android
Android
Security
Screenshot
Snapshot
Screen Capture
Convert String to SecureString
C#
.Net
Security
Securestring
How do I prevent Android taking a screenshot when my app goes to the background?
Android
Security
Android Lifecycle
What security risks exist when setting Access-Control-Allow-Origin to accept all domains?
Ajax
Security
Cors
Http Headers
Is JSON Hijacking still an issue in modern browsers?
Javascript
Json
Security
Browser
Tornado
Hiding a password in a python script (insecure obfuscation only)
Python
Security
SecurityError: Blocked a frame with origin from accessing a cross-origin frame
Javascript
Jquery
Security
Iframe
Same Origin-Policy
Are HTTPS headers encrypted?
Security
Post
Encryption
Https
Get
How can bcrypt have built-in salts?
Security
Hash
Internals
Bcrypt
What is the purpose of base 64 encoding and why it used in HTTP Basic Authentication?
Security
Encryption
Base64
Why are iframes considered dangerous and a security risk?
Html
Security
Iframe
Difference between Hashing a Password and Encrypting it
Security
Language Agnostic
Encryption
Hash
Passwords
What is the best Distributed Brute Force countermeasure?
Security
Authentication
Brute Force
Is it secure to store passwords as environment variables (rather than as plain text) in config files?
Ruby on-Rails
Django
Security
Passwords
Environment Variables
Are PDO prepared statements sufficient to prevent SQL injection?
Php
Security
Pdo
Sql Injection
Access is denied when attaching a database
Sql Server
Security
Administration
How can a JACC provider use the Principal-to-role mapping facilities of the server it's deployed on?
Security
Jakarta Ee
Glassfish
Authorization
Jacc
How do I get the entity that represents the current user in Symfony2?
Entity Framework
Security
Symfony
How does this checkbox recaptcha work and how can I use it?
Security
Recaptcha
hash function in Python 3.3 returns different results between sessions
Python
Security
Hash
Python 3.3
Hash Collision
Authentication versus Authorization
Security
Authorization
Authentication
Can I protect against SQL injection by escaping single-quote and surrounding user input with single-quotes?
Sql
Security
Sql Server-2000
Sql Injection
Sanitization
How to hash a password
C#
Security
Hash
Passwords
Windows Phone-7
Google Authenticator available as a public service?
Security
Authentication
Google Oauth
Why is this code vulnerable to buffer overflow attacks?
C
Security
Buffer Overflow
PHP Session Fixation / Hijacking
Php
Security
Session
Session Cookies
How can I prevent SQL injection in PHP?
Php
Mysql
Sql
Security
Sql Injection
Why is it not advisable to have the database and web server on the same machine?
Database
Security
Networking
Infrastructure
Hardware Infrastructure
How do Google+ +1 widgets break out of their iframe?
Html
Security
Browser
Iframe
Google Plus-One
Android Game Keeps Getting Hacked
Android
Security
Google Play
Copy Protection
How do API Keys and Secret Keys work? Would it be secure if I have to pass my API and secret keys to another application?
Security
Amazon S3
Passwords
Api Key
Secret Key
How can pass the value of a variable to the standard input of a command?
Security
Bash
Stdin
OAuth secrets in mobile apps
Iphone
Android
Security
Mobile
Oauth
Is using an outdated C compiler a security risk?
C
Security
Gcc
Is there any way to put malicious code into a regular expression?
Regex
Security
How to securely store access token and secret in Android?
Android
Security
Oauth
Preferences
Token
Encrypt Password in Configuration Files?
Java
Security
Encryption
Configuration
Cryptography
How does this giant regex work?
Php
Regex
Security
Cryptography
Disable cross domain web security in Firefox
Security
Firefox
Cross Domain
Cors
Should JWT be stored in localStorage or cookie?
Security
Cookies
Local Storage
Jwt
Restful Authentication
Should I hash the password before sending it to the server side?
Security
Authentication
Login
Https
Android SharedPreference security
Android
Security
Sharedpreferences
CSRF protection with CORS Origin header vs. CSRF token
Javascript
Security
Cors
Csrf
What is the best way to prevent session hijacking?
Security
Session
Cookies
How to send password securely over HTTP?
Http
Security
Encryption
Text
Passwords
JWT (JSON Web Token) automatic prolongation of expiration
Security
Authentication
Jwt
What is the difference between Integrated Security = True and Integrated Security = SSPI?
Sql Server
Security
Connection String
Database Security
Keystore type: which one to use?
Java
Security
Ssl
Jsse
Why not use HTTPS for everything?
Security
Https
Disable firefox same origin policy
Security
Firefox
Same Origin-Policy
PHP Session Security
Security
Php
How to read a HttpOnly cookie using JavaScript
Javascript
Security
Cookies
How to securely save username/password (local)?
C#
Security
Local
What 'sensitive information' could be disclosed when setting JsonRequestBehavior to AllowGet
asp.net Mvc
Json
Security
Http Post
Http Get
Best practices for server-side handling of JWT tokens
Security
Authentication
Token
Jwt
Secret Key
I need to securely store a username and password in Python, what are my options?
Python
Security
Encryption
How to do stateless (session-less) & cookie-less authentication?
Security
Authentication
Session Cookies
Stateless
Cookieless
Why is using the JavaScript eval function a bad idea?
Javascript
Security
Eval
Google Authenticator implementation in Python
Python
Security
Authentication
One Time-Password
Google Authenticator
How to create a laravel hashed password
Php
Security
Laravel
Hash
Passwords
How to obtain the location of cacerts of the default java installation?
Java
Security
What's the best approach for generating a new API key?
Security
Api Key
Remove Server Response Header IIS7
Security
Iis 7
Header
Response
How to encrypt/decrypt data in php?
Php
Security
Encryption
Cryptography
Encryption Symmetric
Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
Php
Security
Xss
Sql Injection
What is an API key?
Api
Security
Terminology
Api Key
What is token-based authentication?
Security
Authentication
Token
Http Token-Authentication
How to add Active Directory user group as login in SQL Server
Sql Server
Sql Server-2008
Security
Authentication
How to properly add cross-site request forgery (CSRF) token using PHP
Php
Security
Session
Csrf
XMLHttpRequest cannot load file. Cross origin requests are only supported for HTTP
Security
Google Chrome
SSL Error: unable to get local issuer certificate
Security
Ssl
Https
Openssl
Ssl Certificate
What is the best way to implement "remember me" for a website?
Security
Cookies
Remember Me
When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
Google Chrome
Security
Ssl
Certificate
X-Frame-Options Allow-From multiple domains
asp.net
Security
Iis 7
Header
Internet Explorer-9
What are the risks of running 'sudo pip'?
Python
Security
Pip
Sudo
GPG vs SSH keys
Security
Github
Ssh
Ssh Keys
Gnupg
AES vs Blowfish for file encryption
Security
Encryption
Aes
Blowfish
API Keys vs HTTP Authentication vs OAuth in a RESTful API
Security
Api
Restful Authentication
Why use an API key and secret?
Api
Security
Authentication
Api Key
Secret Key
Why is the standard session lifetime 24 minutes (1440 seconds)?
Php
Security
Session
How to restrict Firebase data modification?
Security
Firebase
Fundamental difference between Hashing and Encryption algorithms
Security
Encryption
Hash
Cryptography
Defeating a Poker Bot
Security
Artificial Intelligence
Poker
Best way to store password in database
Database
Security
Passwords
The necessity of hiding the salt for a hash
Security
Encryption
Hash
Brute Force
What's the right OAuth 2.0 flow for a mobile app
Security
Mobile
Oauth 2.0
Why is printf with a single argument (without conversion specifiers) deprecated?
C
Security
Printf
Format Specifiers
Puts
Disable-web-security in Chrome 48+
Google Chrome
Security
Same Origin-Policy
Best practices around generating OAuth tokens?
Security
Encryption
Oauth
Hash
How to create .pfx file from certificate and private key?
Windows
Security
Iis
Certificate
Ssl Certificate
How to Export Certificate from Chrome on a Mac?
Security
Google Chrome
Certificate
Export
Pinning
What is SQL injection?
Sql
Sql Injection
Security
How do I secure REST API calls?
Security
Web Applications
backbone.js
Rest
client secret in OAuth 2.0
Security
Oauth
Google Api
Oauth 2.0
What is the difference between CORS and CSPs?
Security
Web
Cross Site
https URL with token parameter : how secure is it?
Security
Url
Https
Token
How to limit setAccessible to only "legitimate" uses?
Java
Security
Reflection
Securely storing passwords for use in python script
Python
Security
SSL and man-in-the-middle misunderstanding
Security
Ssl
Man in-the-Middle
Is there a difference between authentication and authorization?
Security
How do you set up use HttpOnly cookies in PHP
Php
Security
Cookies
Xss
Httponly
Which $_SERVER variables are safe?
Php
Security
The EXECUTE permission is denied on the user-defined table types?
asp.net
Security
Sql Server-2008
Stored Procedures
User Defined-Types
best practice to generate random token for forgot password
Php
Security
Random
Timestamp
Token
Is it safe to put a jwt into the url as a query parameter of a GET request?
Security
Http
Jwt
Techniques for obscuring sensitive strings in C++
C++
Security
Obfuscation
Defensive Programming
How permission can be checked at runtime without throwing SecurityException?
Android
Security
Permissions
Runtime
If you can decode JWT, how are they secure?
Security
Jwt
Express Jwt
What are best practices for securing the admin section of a website?
Security
Authentication
Algid parse error, not a sequence
Java
Security
Rsa
What command do I use to see what the ECDSA key fingerprint of my server is?
Linux
Security
Ssh
Rsa
Openssh
How to hash long passwords (>72 characters) with blowfish
Php
Security
Hash
Passwords
Blowfish
Difference between SSL & TLS
Security
Ssl
What does it mean to escape a string?
Php
Mysql
Security
Escaping
How does the JPEG of Death vulnerability operate?
C++
Security
Memcpy
Malware
iOS 11: ATS (App Transport Security) no longer accepts custom anchor certs?
Security
Ssl
Ios11
Xcode9
How do you protect your software from illegal distribution?
Security
Licensing
Protection
Software Distribution
Piracy
How to validate domain credentials?
C#
Windows
Security
Authentication
Random number in range [min - max] using PHP
Php
Security
Random
What security mechanisms does Meteor have?
Mongodb
Security
Meteor
Are JSON web services vulnerable to CSRF attacks?
Http
Security
Csrf
Non-random salt for password hashes
Security
Authentication
Hash
Cryptography
Password Protection
Is it safe to trust $_SERVER['REMOTE_ADDR']?
Php
Security
Ip Address
Using openssl to get the certificate from a server
Linux
Security
Certificate
Openssl
Ssl Certificate
C - The %x format specifier
C
String
Security
Format
Why is there no same-origin policy for WebSockets? Why can I connect to ws://localhost?
Javascript
Security
Websocket
Restrict API requests to only my own mobile app
Android
Ios
Security
Mobile
High quality, simple random password generator
Python
Security
Random
Passwords
How to enable DDoS protection?
Php
Security
Ddos
Denial of-Service
How can I protect MySQL username and password from decompiling?
Java
Mysql
Security
Reverse Engineering
Decompiling
How to secure RESTful web services?
Web Services
Security
Rest
Oauth
Restful Authentication
Generating cryptographically secure tokens
Php
Security
Openssl
Token
is there a yarn alternative for npm audit?
Security
Npm
Dependencies
Yarnpkg
Audit
Disable browser 'Save Password' functionality
Security
Browser
Autocomplete
Passwords
Handling passwords used for auth in source code
Java
Security
Authentication
PHP setcookie "SameSite=Strict"?
Php
Security
Cookies
Why should checking a wrong password take longer than checking the right one?
Security
Authentication
Passwords
Are HTTP cookies port specific?
Security
Http
Cookies
Why do salts make dictionary attacks 'impossible'?
Security
Hash
Salt
Dictionary Attack
How to prevent a browser from storing passwords
Html
Security
Browser
JAAS for human beings
Java
Security
Spring
Spring Security
Jaas
What's the risk of deploying debug symbols (pdb file) in a production environment?
.Net
Security
Production
Debug Symbols
Why are strlcpy and strlcat considered insecure?
C
Security
Strncpy
Strlcpy
What should every programmer know about security?
Security
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty on Linux, or why is the default truststore empty
Java
Security
When is it safe to enable CORS?
Ajax
Web Services
Security
Cross Domain
Cors
How to find the privileges and roles granted to a user in Oracle?
Oracle
Security
Oracle10g
User Accounts
Sanitize/Rewrite HTML on the Client Side
Javascript
Html
Security
Html Sanitizing
Are querystring parameters secure in HTTPS (HTTP + SSL)?
Security
Https
Http Get
Authorization approaches and design patterns for Node.js applications
Security
node.js
Design Patterns
Express
Authorization
Do you use the TR 24731 'safe' functions?
C
Security
Coding Style
Tr24731
Override Authorize Attribute in ASP.NET MVC
.Net
asp.net Mvc
Security
Authentication
Authorize
Modelling a permissions system
Security
Permissions
Action
Modeling
How To Become a SAML Service Provider
Security
Authentication
Saml
The difference between the 'Local System' account and the 'Network Service' account?
Windows
Security
How to secure database passwords in PHP?
Php
Database
Security
Use of Initialization Vector in openssl_encrypt
Php
Security
Openssl
How to Implement Password Resets?
C#
asp.net
asp.net Mvc
Security
Why java.security.NoSuchProviderException No such provider: BC?
Java
Security
Cryptography
Jce
How to keep the OAuth consumer secret safe, and how to react when it's compromised?
Android
Security
Oauth
Worst security hole you've seen?
Security
How to prevent CSRF in a RESTful application?
Security
Http
Rest
Authorization
Csrf
How does SQLParameter prevent SQL Injection?
.Net
Sql Server
Security
Why is JsonRequestBehavior needed?
C#
.Net
asp.net Mvc
asp.net Mvc-3
Security
How are SSL certificate server names resolved/Can I add alternative names using keytool?
Java
Security
Ssl
Node.js + Express.js User Permission Security Model
Security
node.js
Express
Ignore 'Security Warning' running script from command line
Security
Powershell
XSS prevention in JSP/Servlet web application
Java
Security
Jsp
Servlets
Xss
How to keep the client credentials confidential, while using OAuth2's Resource Owner Password Credentials grant type
Security
Oauth 2.0
How can sanitation that escapes single quotes be defeated by SQL injection in SQL Server?
Sql Server
Security
Tsql
Sql Injection
Sanitization
JSON security best practices?
Javascript
Ajax
Security
Json
Why is security through obscurity a bad idea?
Security
Encryption
Security by-Obscurity
How does Google Maps secure their API Key? How to make something similar?
Web Services
Api
Security
Google Maps
Api Key
Difference between HTTPS and SSL
Security
Ssl
Https
Communication
Communication Protocol
Authentication in Elasticsearch
Security
Authentication
Elasticsearch
difference between gcc -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2
Security
Gcc
Glibc
Access Control in Domain Driven Design
Security
Domain Driven-Design
Access Control
How do you configure HttpOnly cookies in tomcat / java webapps?
Java
Security
Cookies
Xss
Httponly
Preferred Method of Storing Passwords In Database
Sql Server
Database
Security
Encryption
Passwords
Salt Generation and open source software
Security
Open Source
Encryption
Salt
Rainbowtable
Login without HTTPS, how to secure?
Php
Ajax
Security
Encryption
Cryptography
Detecting if a browser is using Private Browsing mode
Javascript
Html
Security
Browser
Cookies
How to encrypt and decrypt file in Android?
Android
Security
Encryption
How secure is a HTTP POST?
Security
Post
Httpwebrequest
Xmlhttprequest
What are "top level JSON arrays" and why are they a security risk?
Javascript
Json
Security
Xss
Why would one omit the close tag?
Php
Security
Http Headers
Windows equivalent of OS X Keychain?
Windows
Security
Passwords
Keygen tag in HTML5
Security
Html
Ssl
Best way to secure Android app sensitive Data?
Android
Security
Preventing session hijacking
Php
Security
Session
Node.js https pem error: routines:PEM_read_bio:no start line
node.js
Security
Login
Https
Pem
Best way to handle security and avoid XSS with user entered URLs
Security
Url
Xss
Html Sanitizing
Is it secure to submit from a HTTP form to HTTPS?
Security
Https
How to check whether a directory is a sub directory of another directory
Python
Security
Validation
Filesystems
Is redirecting http to https a bad idea?
Security
Ssl
Https
Securing REST API without reinventing the wheel
Web Services
Security
Rest
Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?
Http
Security
Firefox
Https
Mixed Content
where do I keep my amazon .pem file on a mac
Security
Amazon Web-Services
Pem
Is ngrok safe to use or can it be compromised?
Security
Ngrok
Google Chrome weird cursor blink on pages, never seen 'em before
Google Chrome
Security
Contenteditable
Best way to store encryption keys in .NET C#
C#
.Net
Security
Encryption
Why is it common to put CSRF prevention tokens in cookies?
Http
Security
Cookies
Csrf
Owasp
SQL Server returns error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." in Windows application
Sql Server
Security
Sqlconnection
Vagrant insecure by default?
Security
Vagrant
Black hat knowledge for white hat programmers
Security
How does the RSA private key passphrase work under the hood?
Security
Encryption
Rsa
SQLAlchemy + SQL Injection
Python
Security
Sqlalchemy
Securing a password in a properties file
Java
Security
Is it possible to check if an email is confirmed on Facebook?
Facebook
Security
Facebook Graph-Api
Single Sign-On
Facebook Authentication
encrypt and decrypt md5
Php
Security
Hash
Passwords
Md5
How should a Facebook user access token be consumed on the server-side?
Facebook
Security
Authentication
Facebook Access-Token
Facebook Authentication
How are software license keys generated?
Security
Cryptography
License Key
Restrict access to a specific controller by IP address in ASP.NET MVC Beta
C#
asp.net Mvc
Security
Web Config
Authorization
Is JSONP safe to use?
Security
Json
Jsonp
Examples of SQL Injections through addslashes()?
Php
Sql
Sql Injection
Security
Best practices to store CreditCard information into DataBase
Mysql
Database
Security
Database Design
Credit Card
Exploitable C# Functions
C#
Security
PreparedStatement IN clause alternatives?
Java
Security
Jdbc
Prepared Statement
In Clause
Secure distribution of NodeJS applications
Javascript
Security
node.js
Deployment
Obfuscation
OAuth2 and Google API: access token expiration time?
Security
Google Api
Oauth 2.0
Google Api-Java-Client
Google Oauth
Is this Rails JSON authentication API (using Devise) secure?
Ruby on-Rails
Json
Api
Security
Devise
Where to save a JWT in a browser-based application and how to use it
Javascript
Web Services
Security
Cookies
Jwt
What is the most secure seed for random number generation?
Security
Cryptography
Random
How to validate uploaded file in ASP.NET MVC?
asp.net Mvc
Security
IE 11 first-party session cookies being lost in iframe
Security
Internet Explorer
Iframe
Cookies
Cross Domain
Is “Code Access Security” of any real world use?
.Net
Security
Code Access-Security
PHP image upload security check list
Php
Security
Upload
How to fake $_SERVER['REMOTE_ADDR'] variable?
Php
Security
Does .pem file contain both private and public keys?
Security
Ssl
Ssh
Openssl
What is the difference between hash salting and noncing?
Security
Hash
Cryptography
Do CSRF attacks apply to API's?
Python
Django
Api
Security
SPA best practices for authentication and session management
Security
Angularjs
Authentication
ember.js
Single Page-Application
Will HTML Encoding prevent all kinds of XSS attacks?
Security
Xss
Html Encode
What are the best practices for avoiding xss attacks in a PHP site
Php
Security
Xss
Finding All Insecure Content on a Secure Page
Browser
Security
Browser Security
Username and password in https url
Security
Https
Url Parameters
How can a Format-String vulnerability be exploited?
C
Security
Format String
Difference between http and https
Security
Http
Https
Http Headers
Looking for suggestions for building a secure REST API within Ruby on Rails
Ruby on-Rails
Ruby
Security
Rest
asp.net Web-Api
What's the difference between Message Digest, Message Authentication Code, and HMAC?
Security
Hmac
Message Digest
MongoDB: is it safe to use document's ID "in public"?
Security
Mongodb
How to create and add users to a group in Jenkins for authentication?
Security
Ldap
Hudson
Openid
Jenkins
Calculating HMACSHA256 using c# to match payment provider example
C#
Security
Cryptography
How to Block 100,000+ Individual IP addresses
Php
Apache
Security
.Htaccess
Save and Load from KeyChain | Swift
Ios
Swift
Security
Keychain
How do you monitor network traffic on the iPhone?
Iphone
Security
Networking
Wireshark
What is this hacker trying to do?
Sql Server
Windows
Tsql
Security
Sql Injection
How can I check if the certificate file I have is in .pem format?
Security
Certificate
Is jQuery .text() method XSS safe?
Javascript
Jquery
Security
Xss
Embedding youtube video "Refused to display document because display forbidden by X-Frame-Options"
Javascript
Php
Html
Security
Embed
Allowing Java to use an untrusted certificate for SSL/HTTPS connection
Java
Security
Https
Securing an API: SSL & HTTP Basic Authentication vs Signature
Security
Authentication
Digital Signature
Rest
Disabling Safari autofill on usernames and passwords
Html
Security
Autocomplete
Safari
Autofill
How to use a client certificate to authenticate and authorize in a Web API
C#
Security
asp.net Web-Api
Ssl Certificate
Client Certificates
What are best practices for activation/registration/password-reset links in emails with nonce
Security
Http
Authentication
Idempotent
How to prevent arbitrary client apps from using anonymous web API?
Security
Api
Web Applications
Removing the password from a VBA project
Vba
Security
Excel
Password Protection
Encrypting/Hashing plain text passwords in database
Security
Encryption
Passwords
Security by-Obscurity
User Group and Role Management in .NET with Active Directory
.Net
asp.net
Security
Active Directory
"The test form is only available for requests from the local machine."
.Net
Web Services
Security
Setting cookie in iframe - different Domain
Security
Iframe
Cookies
What is currently the most secure one-way encryption algorithm?
Algorithm
Security
Passwords
Md5
Password Hash
Is it possible to put binary image data into html markup and then get the image displayed as usual in any browser?
Html
Security
Image
Apache2
Passenger
curl - Is data encrypted when using the --insecure option?
Security
Ssl
Curl
Https
Ssl Certificate
Shouldn't Android AccountManager Store OAuth Tokens on a Per-App/UID Basis?
Android
Security
Authentication
Oauth
Accountmanager
Java Error: "Your security settings have blocked a local application from running"
Java
Security
Applet
How to Secure Android Shared Preferences?
Android
Security
Encryption
Sharedpreferences
How to secure the JavaScript API Access Token?
Javascript
Security
Leaflet
Mapbox
How to send password securely via HTTP using Javascript in absence of HTTPS?
Security
Http
Hash
Password Protection
Hmac
Android In App Billing: securing application public key
Android
Security
Bit Manipulation
In App-Billing
Public Key
Azure AD App Application Permissions vs Delegated Permissions
Azure
Security
Azure Active-Directory
How to stop hack/DOS attack on web API
Java
Android
Http
Security
How to set cookie secure flag using javascript
Javascript
Security
Cookies
Get
Full Secure Image Upload Script
Php
Image
Security
File Upload
Upload
Does it make sense to store JWT in a database?
Spring
Rest
Security
Oauth 2.0
Jwt
Safe value must use [property]=binding after bypass security with DomSanitizer
Javascript
Html
Angular
Security
Ionic2
Generating cryptographically secure authentication tokens
C#
Iphone
Wcf
Web Services
Security
Securely Storing OpenID identifiers and OAuth tokens
Database
Security
Encryption
Openid
Oauth
How can I throttle user login attempts in PHP
Security
Throttling
Honeypot
How to secure phpMyAdmin
Php
Mysql
Security
Ubuntu
Phpmyadmin
JWT authentication for ASP.NET Web API
C#
Security
asp.net Web-Api
Jwt
The ultimate clean/secure function
Php
Security
Xss
Sql Injection
Reference: What is a perfect code sample using the MySQL extension?
Php
Mysql
Security
Sql Injection
How safe is it to host sensitive data on repository sites like github, bitbucket, etc.?
Security
Github
Version Control
Repository
Bitbucket
How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source?
Linux
Security
Ssl
Openssl
Centos
WS on HTTP vs WSS on HTTPS
Security
Http
Https
Websocket
Is SecureRandom.ints() secure?
Java
Security
Random
How can I hash passwords in postgresql?
Security
Postgresql
Hash
Cryptography
Salt
Is time() a good salt?
Php
Security
Hash
Passwords
Salt
How can I compute a SHA-2 (ideally SHA 256 or SHA 512) hash in iOS?
Objective C
Ios
Security
Hash
Sha256
How does Content Security Policy (CSP) work?
Javascript
Html
Security
Http Headers
Content Security-Policy
How to redirect all HTTP requests to HTTPS
Security
Http
.Htaccess
Redirect
Https
The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data
Ios
Security
App Store-Connect
Ios10
Instabug
What's wrong with XOR encryption?
Security
Encryption
Xor
PHP: Is mysql_real_escape_string sufficient for cleaning user input?
Php
Security
What security problems could come from exposing phpinfo() to end users?
Php
Security
Lock-down iPhone/iPod/iPad so it can only run one app
Iphone
Security
Ipad
Ipod
Jailbreak
Why does PDO print my password when the connection fails?
Php
Mysql
Security
Connection
Pdo
Glassfish DeploymentException: Error in linking security policy for
Security
Deployment
Glassfish
Java Ee-6
netbeans7.0
How to achieve a Safe (!) authentication system in an angularjs app?
Javascript
Security
Authentication
Cookies
Angularjs