0 votes | 0 answers | 3 views
PHP - Serializing user inputs
My entropy gathering system works by serializing user inputs:
$entropy=sha1(microtime().$pepper.$_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_PORT'].
...
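Added example (not code from the question): the only inputs in the snippet above that the client cannot already predict are microtime() and the pepper, since REMOTE_ADDR and REMOTE_PORT belong to the client's own connection. The block below mirrors the construction with integer microsecond timestamps, shows that without a secret pepper the "entropy" collapses to a brute force over the arrival-time window, and contrasts it with drawing the token from the OS CSPRNG. Addresses, port, timestamps and the empty pepper are constructed values.

```python
import hashlib
import secrets

# Constructed stand-ins for the $_SERVER values of the attacker's *own*
# request. The client knows its source address and port, so they add no
# secrecy; only microtime() and $pepper are unknown to it.
REMOTE_ADDR = "203.0.113.7"
REMOTE_PORT = "51234"


def microtime_string(micro_us: int) -> str:
    """Render an integer microsecond timestamp as 'SECONDS.UUUUUU'.

    This is the granularity PHP's microtime() offers, so it bounds how
    many distinct values the hash input can take in a given window.
    """
    return f"{micro_us // 1_000_000}.{micro_us % 1_000_000:06d}"


def php_style_token(micro_us: int, pepper: str, addr: str, port: str) -> str:
    """Mirror of sha1(microtime().$pepper.REMOTE_ADDR.REMOTE_PORT)."""
    data = (microtime_string(micro_us) + pepper + addr + port).encode()
    return hashlib.sha1(data).hexdigest()


def recover_timestamp(token, pepper, window_start_us, window_us, addr, port):
    """Brute-force the microsecond timestamp behind a token.

    With the pepper known (leaked, reused elsewhere, or simply absent) the
    only unknown is when the request arrived, so the search costs one SHA-1
    per microsecond of uncertainty. Returns the timestamp or None.
    """
    for us in range(window_start_us, window_start_us + window_us):
        if php_style_token(us, pepper, addr, port) == token:
            return us
    return None


def demo_predictable_inputs() -> bool:
    """True if the attacker recovers the exact timestamp, i.e. the token."""
    start = 1_700_000_000_000_000      # constructed: epoch time in microseconds
    true_ts = start + 37_512           # when the server evaluated microtime()
    pepper = ""                        # worst case: no pepper configured
    token = php_style_token(true_ts, pepper, REMOTE_ADDR, REMOTE_PORT)
    # The attacker bounds the arrival time to a 100 ms window from its own
    # clock and the response latency: 100_000 candidates, under a second.
    found = recover_timestamp(token, pepper, start, 100_000,
                              REMOTE_ADDR, REMOTE_PORT)
    return found == true_ts


def fresh_token(nbytes: int = 32) -> str:
    """What to use instead: the OS CSPRNG, no request-derived inputs.

    PHP equivalent: bin2hex(random_bytes(32)).
    """
    return secrets.token_hex(nbytes)
```

With a strong, secret pepper the scheme degrades into a keyed hash of a counter, which is only as strong as the pepper's secrecy and gains nothing from the request fields; hashing more predictable inputs never adds entropy, and a 40-hex SHA-1 output is not a substitute for 32 random bytes from the kernel.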
-1 votes | 1 answer | 39 views
Can anyone determine what kind of encryption this is?
Here are some examples of the encryption:
J01A062YLMP1
J01A06OEPMP1
J08A07GSVMP1
J08A0625YMP1
K01A06IE2MP1
K01A06GRKMP1
W08A06ZTYMP1
I know the first letter corresponds to a brand, the last 3 ...
1 vote | 3 answers | 39 views
Web application security standards/certificates
I'm currently working on a Web application/service that (hopefully) will be used in a wide variety of ways. Of course I'm looking to attract some commercial users as well, and as we all know, they ...
0 votes | 1 answer | 50 views
Security of Javascript in mobile browsers
Is Javascript on a mobile browser more secure than Javascript on other types of systems? For instance, if I have a site that includes some client-side (Javascript) encryption code, with the intention ...
3 votes | 3 answers | 86 views
Does the ability for a user to choose the value of a session id cookie constitute a security flaw?
In the context of a web application, a user connects to this application and a session id cookie is set to authenticate the user for next requests. As the cookie is actually present before submitting ...
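Added example (not code from the question or its answers): a toy server whose session handling can be switched between adopting whatever cookie value the client presents and issuing its own, and between keeping or rotating the session id at login. The attack function models session fixation: the attacker plants an id in the victim's browser, the victim logs in, and the attacker presents the same id. The user table and credentials are constructed.

```python
import secrets
from typing import Dict, Optional

USERS = {"alice": "correct horse"}   # constructed credentials


class Server:
    """Toy web app; the two flags select the session policy under test."""

    def __init__(self, accept_client_sid: bool, rotate_on_login: bool):
        self.accept_client_sid = accept_client_sid   # adopt unknown cookie values?
        self.rotate_on_login = rotate_on_login       # fresh sid on authentication?
        self.sessions: Dict[str, Dict[str, Optional[str]]] = {}

    def _issue(self) -> str:
        sid = secrets.token_urlsafe(32)              # CSPRNG, 256 bits
        self.sessions[sid] = {"user": None}
        return sid

    def visit(self, cookie_sid: Optional[str]) -> str:
        """Unauthenticated page load; returns the sid the client now holds."""
        if cookie_sid in self.sessions:
            return cookie_sid
        if cookie_sid is not None and self.accept_client_sid:
            # The flaw in the question: a value the server never issued
            # becomes a valid session just because the client presented it.
            self.sessions[cookie_sid] = {"user": None}
            return cookie_sid
        return self._issue()

    def login(self, cookie_sid: Optional[str], username: str, password: str) -> str:
        sid = self.visit(cookie_sid)
        if USERS.get(username) != password:
            return sid
        if self.rotate_on_login:
            del self.sessions[sid]          # the pre-auth sid is now worthless
            sid = self._issue()
        self.sessions[sid]["user"] = username
        return sid

    def whoami(self, cookie_sid: str) -> Optional[str]:
        return self.sessions.get(cookie_sid, {}).get("user")


def fixation_attack(server: Server, planted_sid: str) -> bool:
    """True if the attacker ends up authenticated as the victim.

    planted_sid is whatever the attacker managed to put in the victim's
    cookie jar: an arbitrary string, or an id the server issued to the
    attacker's own browser earlier.
    """
    server.login(planted_sid, "alice", "correct horse")
    return server.whoami(planted_sid) == "alice"
```

Rejecting unknown ids closes the variant in the question, but the attacker can still obtain a genuine id by visiting the site and plant that one; only regenerating the id when the privilege level changes defeats both variants.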
0 votes | 0 answers | 38 views
Are too many logfiles in the apachelog slowing down the server? [migrated]
On my webserver, I have separate logfiles for all my over 250 domains.
Is this slowing the server down? Would it be faster to have only one logfile that contains all access logs?
0 votes | 3 answers | 71 views
How secure is wiping an encrypted Android device?
Based on my previous knowledge, I know that the iPhone has hardware encryption implemented on recent models. When we issue the "Erase all contents and settings" command, the encryption keys are ...
5 votes | 2 answers | 98 views
How can I find subdomains of a site?
One of the things I need to do from time to time is to find subdomains of a site, for example:
Starting with example.com
sub1.example.com
other.example.com
another.example.com
I'm ...
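Added example (not code from the question or its answers) covering the two usual sources: a passive one, hostnames pulled from certificate Subject Alternative Names such as a Certificate Transparency search returns, and an active one, resolving a wordlist of candidate labels. It also handles two pitfalls: a naive suffix match accepts `notexample.com` for `example.com`, and a zone with wildcard DNS makes every candidate "resolve". The SAN list and the resolver table are constructed; the `system_resolver` function is only there for live use.

```python
import secrets
import socket
from typing import Callable, Dict, Iterable, List, Optional


def in_zone(host: str, domain: str) -> bool:
    """Label-boundary match: 'app.example.com' yes, 'notexample.com' no."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def subdomains_from_sans(sans: Iterable[str], domain: str) -> List[str]:
    """Passive source: names from certificate SANs (e.g. a CT log search).

    A wildcard entry only proves the parent label exists, so '*.api.x' is
    recorded as 'api.x'. The apex itself is not a subdomain and is dropped.
    """
    found = set()
    for name in sans:
        name = name.strip().lower().rstrip(".")
        if name.startswith("*."):
            name = name[2:]
        if in_zone(name, domain) and name != domain:
            found.add(name)
    return sorted(found)


def system_resolver(host: str) -> Optional[str]:
    """Real resolver for live use; the constructed test injects a table instead."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def brute_force_subdomains(domain: str, wordlist: Iterable[str],
                           resolver: Callable[[str], Optional[str]] = system_resolver
                           ) -> Dict[str, str]:
    """Active source: resolve candidate labels under the domain.

    A random label is resolved first; if it answers, the zone has wildcard
    DNS and any candidate returning the same address is discarded.
    """
    wildcard = resolver(f"{secrets.token_hex(8)}.{domain}")
    results: Dict[str, str] = {}
    for word in wordlist:
        host = f"{word}.{domain}"
        ip = resolver(host)
        if ip is not None and ip != wildcard:
            results[host] = ip
    return results
```

The wildcard check compares only the address; a wildcard that hands out several addresses needs a set of baseline answers rather than one, and a candidate that legitimately shares the wildcard's address will be missed, which is the usual trade-off in this technique.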
2 votes | 1 answer | 29 views
How does the end user differentiate between OV and DV certificates?
This is a very good link that explains the different types of SSL certificates and the level of trust provided by them. An Extended Validation (EV) certificate is easily identified by the green color ...
2 votes | 2 answers | 42 views
How good is validating source with request.referer than checksum?
I have 2 portals (both are under my control, and the domain names are different).
In 1st portal, there is a link on click of which User can directly get logged into 2nd portal.
Link which will be hit in ...
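Added example (not code from the question or its answers) of the usual replacement for a Referer check or a plain checksum: an HMAC-signed, time-limited, single-use login link. The first portal signs the user, a timestamp and a nonce with a key both portals share; the second portal verifies the tag in constant time, rejects stale links and replays, and only then logs the user in. A bare Referer check is shown alongside for contrast. The key, URLs, user name and timestamps are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Set
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed: a key shared out of band by the two portals. It must never
# be derivable from anything the browser sees, unlike a plain checksum.
SHARED_KEY = secrets.token_bytes(32)
TTL_SECONDS = 300


def _message(user: str, ts: int, nonce: str) -> bytes:
    # Canonical, unambiguous encoding so separator tricks cannot shift
    # bytes between fields ('a|b' + 'c' vs 'a' + 'b|c').
    return json.dumps([user, ts, nonce], separators=(",", ":")).encode()


def make_login_link(base_url: str, user: str, key: bytes = SHARED_KEY,
                    now: Optional[float] = None) -> str:
    """Portal 1 side: build the link the user clicks."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    sig = hmac.new(key, _message(user, ts, nonce), hashlib.sha256).hexdigest()
    return f"{base_url}?{urlencode({'user': user, 'ts': ts, 'nonce': nonce, 'sig': sig})}"


def verify_login_link(url: str, seen_nonces: Set[str], key: bytes = SHARED_KEY,
                      now: Optional[float] = None) -> Optional[str]:
    """Portal 2 side: return the user to log in, or None to refuse."""
    q = parse_qs(urlparse(url).query)
    try:
        user, ts, nonce, sig = q["user"][0], int(q["ts"][0]), q["nonce"][0], q["sig"][0]
    except (KeyError, ValueError):
        return None
    expected = hmac.new(key, _message(user, ts, nonce), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):      # constant-time comparison
        return None
    now = time.time() if now is None else now
    if abs(now - ts) > TTL_SECONDS:                  # expired, or clocks too far apart
        return None
    if nonce in seen_nonces:                         # replayed link
        return None
    seen_nonces.add(nonce)                           # persist this in production
    return user


def referer_allows(headers: dict, trusted_origin: str) -> bool:
    """The Referer approach: the client chooses the header, so the client
    chooses the outcome. It also breaks for privacy-stripping browsers."""
    return headers.get("Referer", "").startswith(trusted_origin)
```

The nonce set is what makes the link single-use; without it a captured link stays valid for the whole TTL, and a link sent in the clear or left in a proxy log is exactly the kind of capture to expect.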
1 vote | 0 answers | 46 views
User Groups (Circles) Inside a Web of Trust
Assume I have a universe of U users. Every user has his private key.
I want to build user groups by adding a company sub key to his key set.
Now users can sign his company sub key with their company ...
7 votes | 3 answers | 120 views
Is stripping out < and > characters an effective way of preventing XSS?
I'm guessing that HTML encoding the input would probably be a better solution, but I'm curious if just stripping out any < and > characters would be an effective defense against XSS attacks.
...
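Added example (not code from the question or its answers): the bracket-stripping filter beside three common output sinks, with constructed payloads that contain no `<` or `>` at all, so the filter passes them untouched while they still execape a quoted attribute, inject a `javascript:` URL, and break out of a script string. The second renderer applies encoding chosen per context instead. The templates and payloads are constructed.

```python
import html
import json
import re

# Constructed payloads: none contains '<' or '>', so the filter passes them.
PAYLOAD_ATTR = '" onmouseover="alert(1)'     # breaks out of a quoted attribute
PAYLOAD_URL = "javascript:alert(1)"           # scheme injection into href
PAYLOAD_JS = "'; alert(1); //"                # breaks out of a JS string literal


def strip_angle_brackets(s: str) -> str:
    """The filter proposed in the question."""
    return s.replace("<", "").replace(">", "")


def render_vulnerable(user: str) -> dict:
    """Three sinks guarded only by the filter (constructed templates)."""
    u = strip_angle_brackets(user)
    return {
        "input": f'<input value="{u}">',
        "link": f'<a href="{u}">link</a>',
        "script": f"<script>var name = '{u}';</script>",
    }


def safe_url(u: str) -> str:
    """Allowlist the scheme: only http(s) or a same-site path reaches href."""
    return u if re.match(r"^(https?://|/(?!/))", u, re.I) else "#"


def js_string_literal(s: str) -> str:
    """A JSON string is a valid JS string literal; escaping '<' and '>' keeps
    user data from ever forming '</script>' inside the tag."""
    return json.dumps(s).replace("<", "\\u003c").replace(">", "\\u003e")


def render_escaped(user: str) -> dict:
    """Same sinks with output encoding chosen per context."""
    attr = html.escape(user, quote=True)            # & < > " ' become entities
    return {
        "input": f'<input value="{attr}">',
        "link": f'<a href="{html.escape(safe_url(user), quote=True)}">link</a>',
        "script": f"<script>var name = {js_string_literal(user)};</script>",
    }
```

Stripping brackets does stop the classic `<script>` and `<img onerror>` payloads, which is why it looks effective in a quick test; it does nothing for data that lands inside an attribute, a URL or a script block, and it also corrupts legitimate input such as `a < b`.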
-4 votes | 1 answer | 72 views
Breaking into your own systems
So as security professionals, most are overly paranoid about external hackers, leaks, etc. I'm looking for ideas on how one would go about testing their own systems, without signs that they were ...
8 votes | 3 answers | 307 views
Do users of non-latin character languages suffer from spyware and trojans?
Do Chinese, Japanese, other languages that can't be represented in ASCII get their passwords stolen? I figure there can't be some sort of bruteforce attack software for them, right? Their characters ...
1 vote | 2 answers | 63 views
Avoiding Brute Force Attacks in a Web Based Login Form
My login form uses Ajax so it doesn't need to reload if the password is wrong. A PHP script processes the request and creates the session if the credentials are right. My idea is to have the PHP script ...
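Added example (not code from the question or its answers) of the server-side half that an Ajax form cannot provide: nothing in the browser slows an attacker who posts straight to the PHP endpoint, so the throttling has to live in the script that checks the credentials. The block keeps an exponential backoff keyed on both the client address and the user name (address alone misses a distributed attack, name alone lets anyone lock a victim out), verifies passwords with PBKDF2 and a constant-time compare, and runs the same work for unknown users so timing does not reveal which names exist. The user table, addresses and clock values are constructed; the clock is injectable so the test is deterministic.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 (PHP: password_hash / password_verify)."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS: Dict[str, Tuple[bytes, bytes]] = {"alice": hash_password("correct horse")}  # constructed
DUMMY = hash_password("unused")   # verified for unknown users so timing is identical


def check_password(username: str, password: str) -> bool:
    salt, stored = USERS.get(username, DUMMY)
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored) and username in USERS


class LoginGuard:
    """Exponential backoff per key; the caller supplies one key per dimension."""

    def __init__(self, free_attempts: int = 3, base_delay: float = 2.0,
                 max_delay: float = 300.0):
        self.free_attempts, self.base_delay, self.max_delay = free_attempts, base_delay, max_delay
        self._state: Dict[Tuple[str, str], Tuple[int, float]] = {}  # key -> (failures, last)

    def _delay(self, failures: int) -> float:
        if failures < self.free_attempts:
            return 0.0
        return min(self.max_delay, self.base_delay * 2 ** (failures - self.free_attempts))

    def retry_after(self, key: Tuple[str, str], now: float) -> float:
        failures, last = self._state.get(key, (0, 0.0))
        return max(0.0, last + self._delay(failures) - now)

    def record_failure(self, key: Tuple[str, str], now: float) -> None:
        failures, _ = self._state.get(key, (0, 0.0))
        self._state[key] = (failures + 1, now)

    def record_success(self, key: Tuple[str, str]) -> None:
        self._state.pop(key, None)


def attempt_login(guard: LoginGuard, ip: str, username: str, password: str,
                  now: Optional[float] = None) -> Tuple[str, float]:
    """Return ("ok"|"denied"|"throttled", seconds_to_wait)."""
    now = time.monotonic() if now is None else now
    keys = [("ip", ip), ("user", username.lower())]
    wait = max(guard.retry_after(k, now) for k in keys)
    if wait > 0:
        return "throttled", wait          # answer before touching the password
    if check_password(username, password):
        for k in keys:
            guard.record_success(k)
        return "ok", 0.0
    for k in keys:
        guard.record_failure(k, now)
    return "denied", 0.0
```

The Ajax client should surface the wait (an HTTP 429 with Retry-After is the conventional way) but must not be relied on to honour it. The in-memory table grows with every distinct address and name tried; a shared store with expiry (the PHP equivalent would be a database or cache row per key) is what a multi-process deployment needs.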