Tag: appsec

Found 414 results for 'appsec'.

1) web-application - Why should double submit CSRF tokens be cryptographically strong random numbers?
2) web-application - Should CSRF 'Double Submit Cookie' technique have a different seed value for the cookie versus the HTTP POST?
3) appsec - Without using SSL, what's the most secure way to make an AJAX request to a PHP page?
4) web-application - What is the next step of this file upload attack?
5) appsec - Is this an example of XSS attack?
6) appsec - Provide CSRF token to the front-end, if not present in the request headers
7) appsec - Securing dropdown boxes
8) passwords - How does authentication work without OAuth in mobile apps?
9) appsec - Is LinkedIn, Google and Facebook Running BitTorrent client?
10) appsec - How to securely hash passwords?
11) appsec - Storing private asymmetric key in application binary?
12) appsec - What is preventing the widespread common use of MAC-type systems?
13) appsec - Exploiting a desktop application
14) appsec - Benefits to Arch Linux over Kali Linux
15) appsec - What are the best practices for hardening a php.ini file?
16) appsec - How do I protect myself against the attacks in this php script?
17) web-application - Security risks of fetching user-supplied URLs
18) appsec - Why do some Java APIs bypass standard SecurityManager checks?
19) appsec - Is DIGEST-MD5 secure if done over HTTPS?
20) appsec - Why do some people really hate security via client-side?
21) web-application - Should I use AntiForgeryToken in all forms, even login and registration?
22) web-application - Iframe postmessage fraud
23) appsec - anti-CSRF tokens vs Referer and POST testing
24) web-application - What is the correct way to implement anti-CSRF form tokens?
25) web-application - Setting expectations of a vulnerability assessment?
26) web-application - Any security vulnerability in PHP fsocketopen
27) appsec - Disable insecure/dangerous PHP functions
28) authentication - Is using the JWT token to perform queries, as opposed to a raw value in its payload, considered a good practice?
29) appsec - DRM - Make sure that an SDK is used by the client legally
30) appsec - Web Service Security
31) cryptography - Is the following authentication scheme secure?
32) appsec - Escaping JavaScript constants
33) appsec - SQL injection -- why isn't escape quotes safe anymore?
34) appsec - Does returning a 401 error from an API leak information?
35) web-application - What dangerous characters need to be filtered from user input prior to use in a DB2 SQL query?
36) web-application - XSS when <, > and " are escaped?
37) appsec - Is this login security enough?
38) web-application - Vulnerability in restricted eval
39) appsec - How do I secure my login page?
40) web-application - Best way to securely set a session cookie on another domain
41) appsec - Should user be allowed to save password in browser?
42) encryption - Safe implementation of sharing encryption secrets (username, password) in the cloud
43) appsec - What cookie attacks are possible between computers in related DNS domains (*.example.com)?
44) appsec - Replicating JavaScript actions from different website (XSS?)
45) appsec - Altering a $_SESSION variable in PHP via XSS?
46) appsec - What to do when you can’t protect mobile app secret keys?
47) appsec - Python desktop application: storing cloud database passwords
48) appsec - How can a Software application defend against DoS or DDoS?
49) appsec - Does X-Content-Type-Options really prevent content sniffing attacks?
50) appsec - How to defend vs. Image Remote File Inclusion, e.g. RFI using a .gif file (Apache/PHP)?