Tag: security

5084 The definitive guide to form-based website authentication 2008-08-02T19:51:50.250

3615 Why does Google prepend while(1); to their JSON responses? 2010-04-19T18:00:09.750

3015 Why is char[] preferred over String for passwords? 2012-01-16T14:20:42.473

2780 How can I prevent SQL injection in PHP? 2008-09-12T23:55:00.900

1346 How should I ethically approach user password storage for later plaintext retrieval? 2010-02-17T19:54:40.083

1077 Secure hash and salt for PHP passwords 2008-12-30T22:02:45.637

1014 How does the SQL injection from the "Bobby Tables" XKCD comic work? 2008-12-01T21:50:10.220

998 What's the best method for sanitizing user input with PHP? 2008-09-24T20:20:39.650

778 Best Practices for securing a REST API / web service 2008-08-11T05:44:42.803

673 How to avoid reverse engineering of an APK file? 2012-12-13T06:42:14.893

576 Are PDO prepared statements sufficient to prevent SQL injection? 2008-09-25T15:43:35.270

525 SQL injection that gets around mysql_real_escape_string() 2011-04-21T07:56:11.147

510 Authentication versus Authorization 2011-07-02T10:44:19.630

507 Why Does OAuth v2 Have Both Access and Refresh Tokens? 2010-08-15T15:25:41.220

490 How can bcrypt have built-in salts? 2011-07-26T15:21:33.610

486 Why is using the JavaScript eval function a bad idea? 2008-09-17T19:09:54.803

471 What is the best way to implement "remember me" for a website? 2008-10-28T21:09:15.300

465 Fundamental difference between Hashing and Encryption algorithms 2011-02-09T17:30:05.773

463 Are HTTPS headers encrypted? 2008-10-09T15:00:35.650

441 What is the difference between Integrated Security = True and Integrated Security = SSPI? 2009-08-04T20:15:32.283

417 What is token based authentication? 2009-10-20T04:56:40.237

415 What should every programmer know about security? 2010-05-08T12:21:02.560

413 Worst security hole you've seen? 2009-09-24T05:34:21.290

408 Best way to store password in database 2009-06-28T01:50:50.563

405 Disable browser 'Save Password' functionality 2008-08-28T14:18:09.150

388 JWT (JSON Web Token) automatic prolongation of expiration 2014-11-04T15:41:22.550

361 How to secure database passwords in PHP? 2008-09-18T23:27:03.913

349 The difference between the 'Local System' account and the 'Network Service' account? 2009-02-04T05:30:33.283

340 Why is JsonRequestBehavior needed? 2011-12-11T14:26:05.340

337 How are software license keys generated? 2010-06-08T23:24:04.983

334 Why would one omit the close tag? 2010-12-10T16:00:39.047

318 Practical non-image based CAPTCHA approaches? 2008-08-12T04:59:35.017

311 Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox? 2013-08-15T10:47:07.217

307 PreparedStatement IN clause alternatives? 2008-10-07T13:41:36.310

287 Are querystring parameters secure in HTTPS (HTTP + SSL)? 2010-04-13T11:48:45.400

283 Are HTTP cookies port specific? 2009-10-23T08:53:06.480

277 Is "double hashing" a password less secure than just hashing it once? 2008-12-07T21:31:20.940

277 Exploitable PHP functions 2010-06-25T04:34:35.773

270 How to create .pfx file from certificate and private key? 2011-06-10T14:38:19.283

266 Is either GET or POST more secure than the other? 2008-10-13T18:08:01.937

255 Payment Processors - What do I need to know if I want to accept credit cards on my website? 2008-09-09T01:50:45.913

246 How to redirect all HTTP requests to HTTPS 2010-11-03T00:14:20.263

246 What are all the user accounts for IIS/ASP.NET and how do they differ? 2011-04-20T11:05:55.243

246 Using openssl to get the certificate from a server 2011-10-25T07:08:30.497

242 SPA best practices for authentication and session management 2014-01-07T03:13:48.840

240 Will web browsers cache content over https 2008-10-06T13:46:28.970

230 Where do you store your salt strings? 2009-08-02T21:27:48.030

227 Best practices when running Node.js with port 80 (Ubuntu / Linode) 2013-05-15T19:42:41.713

222 "Keep Me Logged In" - the best approach 2009-08-30T21:50:01.250

213 How to retrieve a file from a server via SFTP? 2008-08-18T13:43:48.730

211 What is the best way to stop people hacking the PHP-based highscore table of a Flash game 2008-09-16T16:01:27.887

210 SHA512 vs. Blowfish and Bcrypt 2009-10-13T15:56:19.190

202 Removing the remembered login and password list in SQL Server Management Studio 2008-12-08T14:14:10.277

202 Why do people put code like "throw 1; <dont be evil>" and "for(;;);" in front of json responses? 2010-06-30T05:58:54.100

200 What is a retpoline and how does it work? 2018-01-04T05:52:04.773

197 Is SecureString ever practical in a C# application? 2014-10-04T08:10:17.687

191 Simplest two-way encryption using PHP 2012-02-13T14:23:18.920

190 Default SecurityProtocol in .NET 4.5 2015-02-02T20:24:09.390

189 How do I create a self-signed certificate for code signing on Windows? 2008-09-17T16:04:07.403

189 How serious is this new ASP.NET security vulnerability and how can I workaround it? 2010-09-15T18:44:37.293

188 Why is it common to put CSRF prevention tokens in cookies? 2013-12-10T20:45:31.803

185 Difference between java.util.Random and java.security.SecureRandom 2012-06-15T13:04:41.600

183 How do you Encrypt and Decrypt a PHP String? 2013-05-17T02:57:13.737

179 How to reset Jenkins security settings from the command line? 2011-08-08T21:28:13.730

176 When would I need a SecureString in .NET? 2008-09-26T18:43:31.073

172 Has reCaptcha been cracked / hacked / OCR'd / defeated / broken? 2009-01-15T23:32:06.240

172 Secure Web Services: REST over HTTPS vs SOAP + WS-Security. Which is better? 2009-05-12T16:14:07.070

170 What is the difference between a cer, pvk, and pfx file? 2010-02-18T21:54:31.430

170 What is the best practice for dealing with passwords in git repositories? 2010-03-07T20:24:56.117

170 AngularJS changes URLs to "unsafe:" in extension page 2013-03-25T02:33:50.183

168 SSO with CAS or OAuth? 2010-01-09T10:26:21.140

168 If you can decode JWT how are they secure? 2014-12-04T18:42:16.153

167 How does Content Security Policy work? 2015-05-16T20:22:47.777

166 How can I store my users' passwords safely? 2009-10-17T06:54:22.643

166 Two-way encryption: I need to store passwords that can be retrieved 2011-02-23T10:48:00.473

163 Generating a random password in php 2011-05-23T19:29:28.607

158 How to remove ASP.Net MVC Default HTTP Headers? 2010-08-05T19:45:04.953

158 JWT Authentication for Asp.Net Web Api 2016-10-27T09:33:29.963

157 How can a JACC provider use the Principal-to-role mapping facilities of the server it's deployed on? 2011-01-27T22:00:42.310

156 How are ssl certificates verified? 2008-10-09T17:16:29.793

152 How do I turn off Oracle password expiration? 2009-07-08T02:32:05.280

150 JavaScript: client-side vs. server-side validation 2008-10-02T13:09:15.040

148 .NET obfuscation tools/strategy 2008-08-05T16:20:37.773

148 How does this checkbox recaptcha work and how can I use it? 2014-08-28T09:37:46.830

147 Why is this code vulnerable to buffer overflow attacks? 2015-04-28T04:46:20.990

144 How do Google+ +1 widgets break out of their iframe? 2011-09-05T21:50:51.593

143 Obscure a UITextField password 2011-07-05T06:45:17.963

142 What is the best Distributed Brute Force countermeasure? 2009-01-26T09:37:29.067

142 PHP Session Fixation / Hijacking 2011-02-22T16:37:11.520

140 What is the App_Data folder used for in Visual Studio? 2009-02-09T16:30:28.930

140 PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the man pages correctly? 2009-09-22T12:16:47.690

140 Google Authenticator available as a public service? 2011-02-23T04:28:52.413

140 Android Game Keeps Getting Hacked 2011-04-08T19:52:36.750

138 Should I impose a maximum length on passwords? 2008-09-19T01:49:29.360

137 Is there any way to put malicious code into a regular expression? 2011-01-02T17:16:29.340

136 How to solve slow Java `SecureRandom`? 2008-09-26T01:07:04.243

136 How does this giant regex work? 2010-07-25T06:01:55.467

135 Is using an outdated C compiler a security risk? 2016-05-27T09:09:28.047

134 Access is denied when attaching a database 2010-02-24T23:19:34.450