Newest security Questions

Q&A for professional and enthusiast programmers

How to securely set up root password on Commercial devices [migrated]

I want to lock my embedded devices securely so that unauthorized users cannot log in as root. I can think of the following 2 approaches. To lock the devices, set the root user password on all the ...

Authorization for webapi custom attributes with roles

I am trying to authorize users based on the roles specified on the web api method with windows authentication. IIS is set to use windows authentication along with web.config. <authentication mode="...

Sharing Database Across Multiple Apps

Web App #1 is on AWS and contains user subscription information (e.g. is a subscription active) and allows users to create accounts. Web App #2 is behind a VPN, and would ideally sync up with Web App ...

HTML form without CSRF protection alert (Acunetix)

I use @Html.AntiForgeryToken() in my form and the [ValidateAntiForgeryToken] attribute in the action, but when I test my site with Acunetix I get this error: HTML form without CSRF protection html : &...

Equivalent terms of LLVM IR for watermarking by renumbering?

I want to apply an algorithm for watermarking that basically reorders equivalent terms of a programming language: https://books.google.dk/books?id=mig-bH3u0Z0C&pg=PT595&lpg=PT595&dq=...

Model driven interceptor not working

Model driven interceptor is not working properly. Action class: public class CampusManagerEditAction extends ActionSupport implements ModelDriven<RegistrationForm> { ...

Spring Security Header Based Authentication

By default Spring Security operates by adding the JSESSIONID cookie to your session. And I have used and seen many header-based forms of accomplishing the same result (often making use of a filter or ...

I gave full access to a webmaster (freelance); how do I check for malicious scripts/viruses that he could have left? [on hold]

How to be sure that the website's security isn't under any risk after he has done his job? (I'm a beginner, I use Ubuntu-16.04-PHP). Thank you!

json - Encryption SSL/TLS End to End

So a little back story about the security and project. Developing a private application for a customer. This application will need to be secure. One way we are securing it is by not allowing outside ...

Best Practice in Angular2 for displaying buttons based on a user's security permissions

I’m currently developing my first Angular 2 site. The site contains a Bootstrap NavBar on the left hand side so the user can navigate to different pages on the site. Each user can see different ...

How to Override BindAuthenticator handleBindException for Spring LDAP Authentication setup in Spring Boot

For Spring Security setup in Spring Boot, the LDAP Authentication provider is configured by default to use the BindAuthenticator class. This class contains the method /** * Allows subclasses to inspect the ...

sudo from PHP, blank result

I'm trying to run a sudo script from PHP. I added it to sudoers, and from the CLI everything works as expected. However, running from Apache (mod-itk) I'm getting a blank result. I tried adding !requiretty to sudoers,...

Use Java Security library instead of Weblogic library

I use Java (JDK 1.7). I am working on a custom authentication API (which works when the filter is declared in web.xml). I catch the SPNEGO token and with a keytab I can identify a user. This works in Tomcat 7.0 ...

How to get started in information security? [on hold]

I need some help in getting started in InfoSec, and I was wondering if anyone has any recommendation for books/online courses, etc that can help me get started in the general InfoSec field. I know ...

PHP Security (strip_tags, htmlentities)

I'm working on a personal project and, besides using prepared statements, I would like to treat every input as a threat. For that I made a simple function. function clean($input){ if (is_array($input)){ ...

Security breach: PHP file edited on codeigniter site, ubuntu server

I run a file sharing site, built on Codeigniter, PHP 7. We recently found one of the files in our www/application/controllers dir was very slightly edited to change a download request for 1 in every 3 ...

How would I make it so my API is only accessible through my application (Javascript and PHP)?

I'm currently creating my first API. I know how to setup all the endpoints and do what I want with them. The issue I'm having is that I don't want just anyone to be able to visit site.com/api/example ...

Implementing row-level security in SymmetricDS

I am developing a mobile ticketing system, and I'm reviewing my requirements against embedded SymmetricDS. The only sticking point so far is that I can't find any information directly addressing the ...

Mobile client with RESTful server + SQL database authentication [on hold]

I'm developing a system in which an Android client sends and receives data from a MySQL database (connected to a Java RESTful web service). To do the authentication method, I don't want to send id&pass ...

Is Apache compromised? No protocol handler was valid for the URL yandex.ru

I recently received an abuse report from Amazon (AWS) saying that my server was attempting to log in to forums and such. When I look at my error logs, I have lines and lines of: [proxy:warn] [pid ...

Prevent multiple login using laravel

I am currently working on a project and trying to find any way or package to prevent multiple logins on an account using the Laravel framework. For example, I am already logged in and someone tries to log in from ...

Any x86 deobfuscator?

I've been looking for an x86 deobfuscator for a project, but cannot seem to find any. Can you recommend an x86 deobfuscator, preferably open-source, that is capable of deobfuscating, e.g., control-...

Configure No-Session “Guest” User using Spring CAS Single Sign On

I currently have a Spring project with multiple microservices using Single Sign On Security with CAS. I need to allow users to log in as a "Guest". They will not have access to certain views, and ...

CSR for iPage site with Third Party SSL

After recently setting up a website on iPage, I have come across an issue not listed on their website. You cannot get a CSR code from them, and so you cannot easily use a third-party SSL. So I am ...

Communicate to SafeNet Prime 8840 SD Card via Android Kernel

I want to communicate via the Android kernel with the Gemalto SafeNet Prime 8840 SD Card. But I have no clue where I should start; do you have any tips or tutorials I can look at? I found the SEEK for ...

Export certificate as #X509PKIPathv1 - change SecurityToken TokenType

This question is related to my previous one: ClientMessageInspector add BinarySecurityToken and Signature. I'm trying to create a WCF request according to the OASIS X.509 Certificate Token Profile. I must ...

PayPal recurring payments with Trial period

I'm trying to implement a PayPal subscriptions system with the following features: the 1st month of service on the application would be completely free, after which the user will pay a monthly amount. I have written ...

How to protect data in Documents directory with encryption?

I have an app that downloads several PDFs and images and saves them in the Documents directory. I need these files to be protected from everyone who tries to access them via tools like iExplorer. I found ...

How to check if an application is whitelisted in MI security permission autostart

I am building an Android application where I am using some services. My services get closed when the application is closed in some custom Android OSes like MI. Then I figured out we have to push our ...

UWP How to Encrypt AES Key using RSA Public Key?

I'm developing a UWP app and using the Windows.Security.Cryptography library. I've generated a CryptographicKey and IV, then encrypted the plain text string properly, but now I need to encrypt the ...

Is a vulnerability identified in Python considered a vulnerability in Jython?

A little confused as to the differences between Python, Jython and CPython. I understand Jython is an implementation of Python in Java and CPython is the same except that it is implemented in C. But what I'm ...

Website upload prevent hacking

There's an upload form on my website. I'm actually not really including or excluding file types. Instead I'm using this: $fileUploadName = $target_dir.md5(uniqid($target_file.rand(),true)).".".$...

ASKE(Alpha Secure Key Establishment) in Zigbee

I am working on zigbee security. For key establishment, some approaches are given in zigbee. Some of them are ASKE(Alpha Secure Key Establishment), ASAC(Alpha Secure Access Control), SKKE(Symmetric ...

Security pitfalls of a local server on iOS

I found this post about ways to run a local webserver in your application: iOS devices as web server. I was wondering about the security issues of running such a server. Thanks in advance :) ...

php preg_match spacebar detour

I was learning about PHP vulnerabilities, and I have PHP code like this: <?php if(isset($_GET['hi']) && !preg_match("/work/i", $_SERVER['QUERY_STRING']) && $_GET['hi'] === 'work ...

Is the description of access rights correct?

I have had an app published on the Google Play Store for years. I have a customer who accuses me of being a spy. He thinks I am going to read the media on his device. The description in Google Play says ...

WordPress with SSL from Let's Encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

Could you help me find out what to do with the not fully secure message? I have installed an SSL certificate from Let's Encrypt, but my WordPress homepage has the message "Attackers might be able to see the ...

How can I ignore the OPTIONS method

I'm using the AbstractAuthenticationProcessingFilter filter to authenticate users, but I find it is also triggered by the OPTIONS method, which obviously does not contain my client side credentials, and this ...

kSecUseAuthenticationUISkip: how to use it

I want to add an item with SecItemAdd with the following access control: SecAccessControlRef sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault, ...

Best way to introduce NAS for intra network

We are planning to introduce a NAS system in our office. The following are our conditions. There are 20 desktop PCs in our office. They are connected to the Internet. We want a NAS. It should be accessible ...

Securing API for a Frontend Website

Our APIs (delivered by a third party) are using Tokens in order to ensure authorized access only. Our new website should not be server-to-server but mostly front end, i.e. the token would be visible ...

External Keyboard issue - Prevent copy/paste in edittext for Android

I'm accessing my device using an external keyboard. As a requirement, I have to disable any copy/paste in Android's EditText box in my app. For handling the device's copy/paste issue, we're using the below code ...

Does TLS prevent replay attacks if the originator is compromised / intentionally wants to cheat?

Background: I'm working on a mobile application (online chat) that uses persistent TCP connections to a backend server. In the previous version, we used a well-known encryption scheme to protect the ...

Is Authorization Code flow OAuth2 implementation in ADFS 3.0 supposed to be used only in Mobile Apps?

We are planning to connect to the client's AD with their ADFS set up with the OAuth2 implementation from our SPA. Is it in any way not recommended?

Is the System.Security.SecureString object immutable or mutable?

Is the System.Security.SecureString object immutable or mutable in the .NET framework?

How to implement root detection for an Android application?

How to implement root detection for an Android application? And how do we check the root detection functionality on either an Android device or simulator, if we don't have any rooted device? Thanks in advance!!!...

Decrypt and encrypt using PBKDF2 java

Is there a way to decrypt a PBKDF2 password in Java? Java has an implementation of the "PBKDF2" algorithm as "PBKDF2WithHmacSHA1". I got the code to create hashes for a password; I referred to the below link for ...

Securely URL-encode a password

Java provides the URLEncoder class for URL-encoding Strings. But it is considered insecure to store passwords as Strings. Is this code to send a password via POST over an HttpsURLConnection's output ...

symfony security prod doesn't work

I'm using Symfony 3.2.3, and I want to restrict access on some pages. OK, no problem! Configuring security.yml, it can all be done, and it actually works in the dev environment. But, when I switch my Symfony ...

How can you make the stack executable on OS X?

I'm currently going through "Hacking: The Art of Exploitation", and am practicing writing shellcode injections on some example code I wrote up. I'm injecting shellcode as an environment variable. ...