Date added Question
2017-12-08 17:12 JSON Web Token not invalidated when payload has been changed »
I just noticed a massive flaw with my JWT setup - I have a WebAPI project and am authenticating using JWT as set up in this guide here. I am sending ...
(0) answers
2017-12-04 03:12 Send encrypted string between Android and Web API .NET »
One of my clients wants to send encrypted string between native Android app and Web API .NET (ASP.NET MVC) over HTTP. This question is not well descr...
(1) answer
2017-11-30 22:11 How can I use RegEx to capture a security token for use within JMeter? »
I am using JMeter's Regular Expression Extractor to capture a security token from the first HTTP response header to use in future requests. The HTTP...
(1) answer
2017-11-27 23:11 ValidateAntiForgeryToken workaround »
I'm creating an aws lambda which needs to call the login api in my main application. The problem I'm having arises when the lambda tries to call my l...
(0) answers
2017-11-27 12:11 CSRF token not sent from Angular to Spring »
We are building a web application using Angular and Spring Boot. As one of our security measures, we use CSRF tokens. The issue is that, on our local ...
(1) answer
2017-11-24 19:11 Security when uploading images with Carrierwave »
I'm using carrierwave for uploading images. And I saw how to configure file permissions like this: CarrierWave.configure do |config| config.permiss...
(1) answer
2017-11-21 06:11 Is it safe to do this? PHP's json_encode and javascript »
I've been searching around for security concerns about using PHP json_encode inside javascript context but I'm not exactly satisfied with the results ...
(4) answers
2017-11-13 07:11 Cross Site Request Forgery (XSRF) Protection AngularJS »
Our AngularJS app is located in site.com and our api is hosted in api.site.com. The backend is written by ASP.NET Web API. It is apparent that the CO...
(1) answer
2017-11-02 09:11 Accessing secure resources in C# »
In my application I need to read an encrypted file that is distributed with the app. I also need to connect to a download service using a password. ...
(2) answers
2017-10-22 22:10 Secure storage for password »
I have a service which sends to email confirmation letter. And a part of it looks like this: using (var client = new SmtpClient()) { await client.Con...
(1) answer
2017-10-19 14:10 Automatically add anti-forgery tokens in ASP.NET MVC with Razor »
To prevent Cross-site request forgery you need to add an anti-forgery token to every form. @using (Html.BeginForm()) { @Html.AntiForgeryToken() ...
(1) answer
2017-10-15 14:10 Why to exploit CSRF when you can exploit XSS? »
If I am not wrong from a malicious point of view, an XSS is more severe and dangerous than a CSRF attack, provided that you have the perfect condition...
(0) answers
2017-10-13 09:10 How to protect Web API from CSRF attack if it called from cross domain client? »
I have a Web API and that is called by cross domain client application developed in angular. How I can protect my Web API from CSRF attack. I am usin...
(1) answer
2017-10-08 23:10 Is string comparison really insecure? »
Some suggest that using simple string comparison to match passwords is insecure due to timing attacks. For example see this question. Well, I tried to...
(1) answer
2017-10-07 15:10 When won't double submit cookie help against CSRF? »
If a POST form is supposed to send both a COOKIE header and a hidden input of the cookie value, in which cases could an attacker pass this defense? ...
(0) answers
2017-10-04 07:10 How to secure my website from attackers? »
I'm creating a dynamic website using php and I want to secure it from attackers. So what are the methods / tips / coding style / .htaccess to secure t...
(0) answers
2017-09-27 15:09 Is my CSRF protection method secure? »
I've been doing my own CSRF protection using PHP. From what I've read I decided to use a cookie to implement my protection but feel a little confused ...
(2) answers
2017-09-25 20:09 Disabling authentication for a single page (ColdFusion) »
Let me start by saying I am not really a full-stack developer and this is out of my scope of understanding. I have tried searching for an answer but I...
(1) answer
2017-09-24 08:09 Spring Security and CSRF attack »
I am working on a java web application which should be very secure, so I applied the spring security and spring MVC with CSRF enabled on SSL server; I...
(2) answers
2017-09-19 17:09 form security token (CSRF) - why use bin2hex in bin2hex(random_bytes(32)) »
I'm trying to add a token to my form to beef up the security(i.e. CSRF). All I've found so far (on stackoverflow, and many other sites) is the recomme...
(1) answer
2017-09-18 03:09 encrypt password in android(client side) and decrypt in server side PHP with rsa »
I have encrypted my password in android(client side) with rsa. As we know it's using public key to encrypt and private key to decrypt. I generate public ...
(1) answer
2017-08-30 20:08 Protect against CSRF attack in PHP for multiple browser tabs »
I know, there are two main solutions against CSRF attacks. one token per session tokens for all unique forms I chose the second one, but there is ...
(1) answer
2017-08-29 17:08 Correct way of sending queries from Android to a remote server database »
I am not very experienced in handling databases. I have an Android Application that is supposed to send queries to and get the subsequent result set ...
(1) answer
2017-08-26 05:08 Is it secure to send a password over HTTPS with jsonp »
If I send a password in JSONP with jquery over HTTPS to perform authentication is it secure? I can't use a JSON POST. EDIT: $.ajax({ type : ...
(2) answers
2017-08-25 06:08 What is randomly replacing Baidu TongJi (Analytics)'s Javascript code to make DDOS attack on websites on browser? »
Update: It seems that different hm.js (Baidu TongJi JS library) are loaded. When no DDOS attack is observed, a standard hm.js is loaded; when there i...
(1) answer
2017-08-24 10:08 How to prevent CSRF attack which is possible with webclient in C# ASP.NET MVC and Web api »
I am able to reproduce CSRF attack on my MVC website that uses @Html.AntiForgeryToken() with following steps. And I have a Web Api acting as attacker...
(0) answers
2017-08-23 21:08 Add user password during runtime »
I've some node app which should get the user password to run, I don't want to put the user password hard-coded but I want some way to pass it during d...
(3) answers
2017-08-21 16:08 What is the sense of the CSRF-protection while using token in HTML »
I'm new to the cybersecurity and CSRF. I've read the most popular way of the CSRF-protection is placing the CSRF-token in HTML form or in the META ta...
(1) answer
2017-08-21 15:08 Symfony fos_user bundle encoded password in Laravel - Symfony to Laravel Migration »
We are migrating one of our application from Symfony 3.3 to Laravel 5.5 and we want to use all our existing users without requiring a password change....
(1) answer
2017-08-18 12:08 Is CSRF possible in Aurelia if XSS attacks are mitigated? »
I have an aurelia app with .net web api. I communicate to the api via ajax calls. I authenticate using a bearer token which is stored in the browser...
(1) answer
2017-08-16 20:08 Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? »
Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? I am studying the internals of PostgreSQL and have gott...
(1) answer
2017-08-14 09:08 csrf not working in java »
I am using csrfguard 3.0.0.jar in my project. I have added my web.xml <filter> <filter-name>CSRFGuard</filter-name> <fil...
(0) answers
2017-08-11 23:08 Security concern: Can Razor Engine internally make a REST call? »
I am developing an API in WebApi (current version 2017), which is using Antaris Razor engine 3.10. Today's current non-beta version. A concern was r...
(0) answers
2017-08-11 10:08 PasswordVault security when used from Desktop app »
I'd like to use Windows.Security.Credentials.PasswordVault in my desktop app (WPF-based) to securely store a user's password. I managed to access this...
(1) answer
2017-08-09 20:08 In ColdFusion How to Eliminate Vulnerable for Cross-Site Script »
What is the best way to stop Cross-Site Scripting for ColdFusion? Is there a setting to set in the CF Admin or is there code you can put in Applic...
(2) answers