Tagged Questions
2 votes, 4 answers, 144 views
Obfuscating JavaScript code
Some Flash developers are afraid of JavaScript. Their point of view:
Stealing JS source code is effortless, one would just 'view source' and copy it. Yes, you can decompile Flash bytecode, however it ...
7 votes, 4 answers, 655 views
Is $_SERVER[ ] a safe source of data in PHP?
Can I 100% rely on $_SERVER[] to be a safe source of data that I do not need to sanitize like I do $_GET[] and $_POST[]?
Thanks.
OVERVIEW OF RESPONSES:
So it seems there is a consensus that some ...
4 votes, 3 answers, 934 views
Hiding JavaScript source code
In a web-app should one strive to hide as much of the code as possible, for example from view source? In particular I was wondering should JavaScript be hidden, especially ones used for Ajax? I was ...
6 votes, 2 answers, 270 views
Security issues with PHP Sandbox
I am working on a PHP sandbox for a Web Application Honeypot. The PHP sandbox will analyze a PHP file that may have been injected as part of an RFI attack. It should run the file in a safe environment ...
2 votes, 3 answers, 222 views
Securing dropdown boxes
I have been creating selection boxes for years, yet I never knew you could modify them with Firebug and submit them with non-permitted values; of course this wouldn't have happened if the code was secured.
...
5 votes, 1 answer, 314 views
Question for pentesters: PHP proc_open() in safe_mode
Can anybody explain to me how proc_open() is affected when PHP is running in safe_mode?
As far as I have noticed, the command to execute is appended to a '/' - is there anything else and is it ...
1 vote, 2 answers, 502 views
How can an iframe cause XSRF?
I know how a form tag is prone to CSRF which does not use any token (or any other challenge-response mechanism) but I was wondering how an iFrame can be used to cause XSRF attack and what would be the ...
12 votes, 5 answers, 3k views
Disable insecure/dangerous PHP functions
Typically my job description limits me to code-review of web applications. More recently I've been asked to assist with some server-side PHP optimization where, although I am familiar with it, I lack ...
10 votes, 4 answers, 435 views
What does defense in depth entail for a web app?
I'm assuming it means different layers of security from app-level security to server hardening to personnel training, but what are each of those layers and what are some good resources for each level ...
8 votes, 3 answers, 829 views
ASP.NET MVC security checklist
I am planning to start a new web site on ASP.NET MVC 2 (3).
Does anybody have a full (if possible) checklist of actions and approaches I should follow to avoid most problems with security?