Date added  Question
2017-10-08 23:10 Is string comparison really insecure? »
Some suggest that using simple string comparison to match passwords is insecure due to timing attacks. For example see this question. Well, I tried to...
(1) answer
2017-10-07 15:10 When won't double submit cookie help against CSRF? »
If a POST form is supposed to send both a COOKIE header and a hidden input of the cookie value, in which cases could an attacker pass this defense? ...
(0) answers
2017-10-04 07:10 How to secure my website from attackers? »
I'm creating a dynamic website using PHP and I want to secure it from attackers. So what are the methods / tips / coding style / .htaccess to secure t...
(0) answers
2017-09-27 15:09 Is my CSRF protection method secure? »
I've been doing my own CSRF protection using PHP. From what I've read I decided to use a cookie to implement my protection but feel a little confused ...
(2) answers
2017-09-25 20:09 Disabling authentication for a single page (ColdFusion) »
Let me start by saying I am not really a full-stack developer and this is out of my scope of understanding. I have tried searching for an answer but I...
(1) answer
2017-09-24 08:09 Spring Security and CSRF attack »
I am working on a java web application which should be very secure, so I applied the spring security and spring MVC with CSRF enabled on SSL server; I...
(2) answers
2017-09-19 17:09 form security token (CSRF) - why use bin2hex in bin2hex(random_bytes(32)) »
I'm trying to add a token to my form to beef up the security (i.e. CSRF). All I've found so far (on stackoverflow, and many other sites) is the recomme...
(1) answer
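The three questions above about timing-safe string comparison (2017-10-08), the double-submit cookie (2017-10-07) and bin2hex(random_bytes(32)) (2017-09-19) share one worked example, added here as editor's material; it is not code from any of the listed questions or their answers. It is written in Python rather than PHP: secrets.token_bytes(32).hex() stands in for PHP's bin2hex(random_bytes(32)) and hmac.compare_digest for PHP's hash_equals(). The function names, SERVER_KEY and the session id are constructed for illustration.

```python
"""Added example: CSRF tokens generated the way bin2hex(random_bytes(32)) does it,
compared in constant time, and the case in which a plain double-submit cookie
fails. SERVER_KEY, the session id and all function names are constructed here."""
import hashlib
import hmac
import secrets
import string

SERVER_KEY = secrets.token_bytes(32)  # constructed; in practice a persistent server secret
TOKEN_HEX_LEN = 64                    # 32 random bytes -> 64 hex characters


def new_csrf_token() -> str:
    """Python equivalent of PHP's bin2hex(random_bytes(32)).

    The hex step is what makes the value safe to place in a Set-Cookie header
    and in an HTML attribute: raw bytes may contain NUL, quotes, '<' or
    invalid UTF-8, none of which survive those contexts unchanged."""
    return secrets.token_bytes(32).hex()


def looks_like_token(value) -> bool:
    """Shape check before any comparison: exactly 64 hex characters."""
    return (isinstance(value, str) and len(value) == TOKEN_HEX_LEN
            and all(c in string.hexdigits for c in value))


def insecure_equals(a: str, b: str) -> bool:
    """Ordinary == returns at the first differing character, so response time
    reveals how long the matching prefix is (the timing attack asked about)."""
    return a == b


def constant_time_equals(a: str, b: str) -> bool:
    """hmac.compare_digest takes time independent of where the inputs differ."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def validate_double_submit(cookie_token, form_token) -> bool:
    """Plain double-submit cookie: hidden field must equal the cookie value."""
    if not (looks_like_token(cookie_token) and looks_like_token(form_token)):
        return False
    return constant_time_equals(cookie_token, form_token)


def sign_token(token: str, session_id: str) -> str:
    """Signed double-submit: bind the token to the session with a server key.
    Cookie value becomes '<token>.<hmac>'; an attacker who can write cookies
    but does not hold SERVER_KEY cannot produce a valid pair."""
    mac = hmac.new(SERVER_KEY, f"{session_id}:{token}".encode(), hashlib.sha256).hexdigest()
    return f"{token}.{mac}"


def validate_signed(cookie_value, form_token, session_id: str) -> bool:
    """Check the cookie's HMAC against the server-side session, then the form field."""
    if not isinstance(cookie_value, str) or "." not in cookie_value:
        return False
    token, _mac = cookie_value.split(".", 1)
    if not (looks_like_token(token) and looks_like_token(form_token)):
        return False
    expected = sign_token(token, session_id)
    return constant_time_equals(cookie_value, expected) and constant_time_equals(token, form_token)


def handle_post(cookies: dict, form: dict, session_id: str, signed: bool = False) -> int:
    """Return the HTTP status the server would send for a state-changing POST."""
    if signed:
        ok = validate_signed(cookies.get("csrf"), form.get("csrf"), session_id)
    else:
        ok = validate_double_submit(cookies.get("csrf"), form.get("csrf"))
    return 200 if ok else 403


def scenarios() -> dict:
    """Constructed requests: a legitimate submit, a cross-site forgery, and an
    attacker who can set cookies for the site (e.g. from a sibling subdomain)."""
    session_id = "sess-victim-0001"        # constructed
    token = new_csrf_token()
    attacker_token = new_csrf_token()      # value the attacker chooses

    legit = handle_post({"csrf": token}, {"csrf": token}, session_id)
    # The forging page cannot read the victim's cookie, so it cannot fill the field.
    forged = handle_post({"csrf": token}, {"csrf": "0" * TOKEN_HEX_LEN}, session_id)
    # If the attacker can write a cookie for the domain, plain double-submit passes.
    cookie_writer = handle_post({"csrf": attacker_token}, {"csrf": attacker_token}, session_id)
    # Binding the token to the session with a server key closes that gap ...
    forged_signed = handle_post({"csrf": f"{attacker_token}.{'0' * 64}"},
                                {"csrf": attacker_token}, session_id, signed=True)
    # ... while the legitimate user is unaffected.
    legit_signed = handle_post({"csrf": sign_token(token, session_id)},
                               {"csrf": token}, session_id, signed=True)
    return {"legit": legit, "forged": forged, "cookie_writer": cookie_writer,
            "forged_signed": forged_signed, "legit_signed": legit_signed}
```

The `cookie_writer` scenario is the answer to "when won't double submit cookie help": the plain scheme assumes the attacker can read neither cookie nor form value, but it never checks that the cookie was set by the server, so anyone who can write a cookie for the domain (a sibling subdomain, or cookie injection over plain HTTP without the Secure flag) submits a matching pair. Keying the cookie to the server-side session, as `sign_token` does, restores the check.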
2017-09-18 03:09 Encrypt password in Android (client side) and decrypt on server side in PHP with RSA »
I have encrypted my password in Android (client side) with RSA. As we know, it uses the public key to encrypt and the private key to decrypt. I generate public ...
(1) answer
2017-08-30 20:08 Protect against CSRF attack in PHP for multiple browser tabs »
I know there are two main solutions against CSRF attacks: one token per session, or tokens for all unique forms. I chose the second one, but there is ...
(1) answer
2017-08-29 17:08 Correct way of sending queries from Android to a remote server database »
I am not very experienced in handling databases. I have an Android Application that is supposed to send queries to and get the subsequent result set ...
(1) answer
2017-08-26 05:08 Is it secure to send a password over HTTPS with jsonp »
If I send a password in JSONP with jquery over HTTPS to perform authentication is it secure? I can't use a JSON POST. EDIT: $.ajax({ type : ...
(2) answers
2017-08-25 06:08 What is randomly replacing Baidu TongJi (Analytics)'s Javascript code to make DDOS attack on websites on browser? »
Update: It seems that different hm.js (Baidu TongJi JS library) are loaded. When no DDOS attack is observed, a standard hm.js is loaded; when there i...
(1) answer
2017-08-24 10:08 How to prevent CSRF attack which is possible with webclient in C# ASP.NET MVC and Web api »
I am able to reproduce a CSRF attack on my MVC website that uses @Html.AntiForgeryToken() with the following steps. And I have a Web Api acting as attacker...
(0) answers
2017-08-23 21:08 Add user password during runtime »
I've some node app which should get the user password to run. I don't want to put the user password hard-coded but I want some way to pass it during d...
(3) answers
2017-08-21 16:08 What is the sense of CSRF protection while using a token in HTML »
I'm new to cybersecurity and CSRF. I've read that the most popular way of CSRF protection is placing the CSRF token in the HTML form or in the META ta...
(1) answer
2017-08-21 15:08 Symfony fos_user bundle encoded password in Laravel - Symfony to Laravel Migration »
We are migrating one of our applications from Symfony 3.3 to Laravel 5.5 and we want to use all our existing users without requiring a password change....
(1) answer
2017-08-18 12:08 Is CSRF possible in Aurelia if XSS attacks are mitigated? »
I have an aurelia app with .net web api. I communicate to the api via ajax calls. I authenticate using a bearer token which is stored in the browser...
(1) answer
2017-08-16 20:08 Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? »
Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? I am studying the internals of PostgreSQL and have gott...
(1) answer
2017-08-14 09:08 CSRF not working in Java »
I am using csrfguard 3.0.0.jar in my project. I have added to my web.xml <filter> <filter-name>CSRFGuard</filter-name> <fil...
(0) answers
2017-08-11 23:08 Security concern: Can Razor Engine internally make a REST call? »
I am developing an API in WebApi (current version 2017), which is using Antaris Razor engine 3.10. Today's current non-beta version. A concern was r...
(0) answers
2017-08-11 10:08 PasswordVault security when used from Desktop app »
I'd like to use Windows.Security.Credentials.PasswordVault in my desktop app (WPF-based) to securely store a user's password. I managed to access this...
(1) answer
2017-08-09 20:08 In ColdFusion, how to eliminate vulnerability to Cross-Site Scripting »
What is the best way to stop Cross-Site Scripting for ColdFusion? Is there a setting to set in the CF Admin or is there code you can put in Applic...
(2) answers
2017-08-08 01:08 Do you need XSRF/CSRF token for a logoff request? »
What would be the security loophole if a logoff request is not validated with XSRF/CSRF token? ...
(2) answers
2017-08-08 00:08 Is it possible for a mobile app request to be sniffed even if https? »
We are developing a hybrid mobile application and for certain function calls, there is a url called. Here is a sample request for getting user informa...
(1) answer
2017-08-03 12:08 CSRF vulnerability in Keycloak Account Service »
Though there is a CSRF token used in the Keycloak Account service, there is CSRF token fixation vulnerability. To prevent CSRF, a cookie named KEYCLO...
(0) answers
2017-08-02 20:08 Rails 4 parameters; how to whitelist a param to a set of values »
I have already read some posts, such as Value whitelist using strong parameters in Rails 4, but it's not quite what I need. I have a controller which...
(2) answers
2017-07-27 15:07 Setting up jwt or oauth in web application »
I'm building a new SPA app using Angular 4 and I've started to search for different options for implementing security. As I dived deeper I found every...
(1) answer
2017-07-26 08:07 Cross Site Request Forgery (CSRF/XSRF) issue in Product add to cart form in magento 1.9.3.4 »
We scanned our site with https://detectify.com/ to check for CSRF attacks. We are getting the following issue on our site. For example: Cross Site Request F...
(0) answers
2017-07-22 23:07 Email verification in PHP »
At this moment users can create an account at my website (username, password, email). This will create an entry in the database which stores the userna...
(3) answers
2017-07-21 17:07 How to prevent URL disclosure in an AngularJS SPA? »
A 3rd party security consultancy identified a risk in our Angular SPA/ASP.NET WebAPI application under the area of Information Disclosure, which we h...
(1) answer
2017-07-21 10:07 Changing master password that is used for encryption »
I want to store some data encrypted, for example like a password manager where your master password unlocks all the underlying app/site passwords. Lo...
(1) answer
2017-07-21 07:07 Security against CSRF attacks via GET requests? »
I've built a stateless, JWT-based user authentication system on my web server, following the example of Stormpath (https://stormpath.com/blog/where-to...
(1) answer
2017-07-20 00:07 Is it safe to use a custom required HTTP header as a protection method from the CSRF for an API? »
I have a JSON API built for a SPA which accepts only requests with "Accept: application/json" header. So submitting the following form in the browser ...
(0) answers
2017-07-19 20:07 Are CSRF attacks specific to a target website »
As per my understanding, a CSRF attack is about sending POST data to the target server when the user is logged in to the target server and clicks on ...
(1) answer
2017-07-14 22:07 PHP: how to securely approve posts and user approval »
I am developing an interior management system where clients can post their thoughts about new designs. My question is how to securely approve or trash po...
(0) answers