The secure-coding tag has no wiki summary.
-1 votes · 1 answer · 60 views
Secure Django Application
What are some of the recommended configuration settings to secure your Django application? i.e., best practices for the settings.py file.
I researched and came across some:
SESSION_COOKIE_SECURE = True
...
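An added example (not code from the question or from Django) that turns the question's list of settings into a check: it audits a settings dict against the values Django's own `manage.py check --deploy` warns about. The setting names are real Django settings; the thresholds and the two sample settings dicts are this example's choices, and the hostname is assumed. It reads a plain dict so it runs without Django installed; in a project you would pass the settings module's `__dict__`.

```python
"""Audit a Django settings module against deployment-hardening values.

Added example, not code from the question. The setting names are real Django
settings (the same ones `manage.py check --deploy` warns about); the threshold
values are this example's choices. The audit reads a plain dict so it runs
without Django installed.
"""
import secrets

# setting name -> (predicate that must hold, why it matters)
HARDENING_RULES = {
    "DEBUG": (lambda v: v is False,
              "DEBUG=True shows stack traces and settings to clients"),
    "SECRET_KEY": (lambda v: isinstance(v, str) and len(v) >= 50
                   and not v.startswith("django-insecure-"),
                   "SECRET_KEY must be long and not the startproject default"),
    "ALLOWED_HOSTS": (lambda v: bool(v) and "*" not in v,
                      "restrict the Host header to your own domains"),
    "SESSION_COOKIE_SECURE": (lambda v: v is True,
                              "session cookie must never travel over plain HTTP"),
    "SESSION_COOKIE_HTTPONLY": (lambda v: v is True,
                                "keep the session cookie out of document.cookie"),
    "CSRF_COOKIE_SECURE": (lambda v: v is True,
                           "CSRF cookie must never travel over plain HTTP"),
    "SECURE_SSL_REDIRECT": (lambda v: v is True,
                            "redirect every plain-HTTP request to HTTPS"),
    "SECURE_HSTS_SECONDS": (lambda v: isinstance(v, int) and v >= 31536000,
                            "HSTS max-age of at least one year"),
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": (lambda v: v is True,
                                       "HSTS should also cover subdomains"),
    "SECURE_CONTENT_TYPE_NOSNIFF": (lambda v: v is True,
                                    "send X-Content-Type-Options: nosniff"),
    "X_FRAME_OPTIONS": (lambda v: v in ("DENY", "SAMEORIGIN"),
                        "clickjacking protection via X-Frame-Options"),
}


def audit_settings(settings: dict) -> list:
    """Return (setting, reason) pairs for every rule that fails.

    A setting that is absent is reported too: the point of the audit is that
    each of these values is set explicitly rather than left to a default.
    """
    findings = []
    for name, (holds, reason) in HARDENING_RULES.items():
        if name not in settings or not holds(settings[name]):
            findings.append((name, reason))
    return findings


# Constructed settings: roughly what a fresh `startproject` looks like ...
WEAK_SETTINGS = {
    "DEBUG": True,
    "SECRET_KEY": "django-insecure-change-me",
    "ALLOWED_HOSTS": ["*"],
    "SESSION_COOKIE_SECURE": False,
}

# ... and the values a production settings.py should carry (hostname assumed).
HARDENED_SETTINGS = {
    "DEBUG": False,
    "SECRET_KEY": secrets.token_urlsafe(50),   # generate once, load from the environment
    "ALLOWED_HOSTS": ["www.example.com"],
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": 31536000,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "X_FRAME_OPTIONS": "DENY",
}

if __name__ == "__main__":
    for name, reason in audit_settings(WEAK_SETTINGS):
        print(f"{name}: {reason}")
```

`python manage.py check --deploy` performs Django's own version of this list and is the thing to run in CI. Turn the HSTS settings on only after confirming the whole site is reachable over HTTPS: browsers remember the HSTS policy, so a premature max-age locks users out of any part that is still plain HTTP.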
0 votes · 1 answer · 63 views
Securing user postal address in a database?
I've been assigned a web project that deals with shipping goods between two parties. I am unsure what a secure database scheme (if any) would be for storing the recipient's postal address and whether ...
2 votes · 2 answers · 41 views
Difference between secure design patterns and a generic coding guideline?
Is there a difference between secure design patterns and a generic coding guideline from which you can derive a technology-specific coding guideline?
Patterns like "authentication", "secure sessions" ...
0 votes · 1 answer · 43 views
Securing data at rest
For an API request to my application, I store the data in the request object temporarily in an XML file before it is pushed to the database. Although the XML files are stored on a secured server at a ...
2 votes · 2 answers · 193 views
Security metrics on developed software
Thinking about software security metrics, currently I've thought about the following software security metrics:
number/type of CWE detected by developers (bug reporting)
number/type of CWE detected ...
0 votes · 2 answers · 117 views
Programming languages for security? [duplicate]
I am a computer science student interested in the field of security and just had a few questions.
What are the pros and cons for using C# for security purposes, I had assumed applications programmed ...
1 vote · 1 answer · 135 views
Is this a security breach?
I read in an article that if the request is authenticated or secure (i.e., HTTPS), it won’t be cached.
But over HTTPS, Burp has reported an issue stating the HTTP response is as follows:
Cache-Control: ...
1 vote · 0 answers · 91 views
Instant Messaging End-to-End
I plan to create an application for secure instant messaging; now I don't know whether or not I want to implement the encryption by myself. This project is also mainly for educational purposes, so I ...
40 votes · 11 answers · 7k views
Are there “secure” languages? [closed]
Are there any programming languages that were designed to be robust to hacking? For instance, Heartbleed would not have happened if the language used could guard against a Buffer Over-Read.
Edit:
A ...
1 vote · 1 answer · 66 views
Cryptographic patterns a security risk?
I am writing an application that serialises objects and then saves the resultant XML in an encrypted file.
I am using an Initialisation Vector and a Salt both saved in the file for decryption so two ...
1 vote · 3 answers · 108 views
Which Secure Development Lifecycle model to choose? [closed]
We are going to secure our software development life cycle and have been researching a good model to start with.
I have found 3 major models (methodologies?), which are:
Cigital SDLC (7 touch ...
0 votes · 1 answer · 99 views
Is this code valid for securing passwords? [duplicate]
I was wondering if this is a secure method for hashing a password. If it is not secure, please tell me what to do in order to make it secure.
$pass = 'test'; // the password
...
1 vote · 0 answers · 142 views
Security clearance for programmers
I am a programmer by day and night; I work within security at the moment, working on some security products. I have noticed a few non-software-engineering-based roles which require security clearance. I ...
1 vote · 1 answer · 61 views
Home banking site request: is it possible for a small web agency?
I'm working in a web agency; I have a request to make a home banking system for a little bank. I'm searching on the internet for some information about security and a good pattern to start with, but naturally ...
-1 votes · 1 answer · 60 views
What are the differences in how websites built with different technologies prevent cross-site scripting? [closed]
For example, websites that are built in ASP, PHP, Ruby?
1 vote · 2 answers · 3k views
Missing Secure Attribute in Encrypted Session (SSL) Cookie Recheck
I tested a web application with a commercial tool (IBM AppScan) for a penetration test. I found a bug related to Missing Secure Attribute in Encrypted Session (SSL) Cookie.
The web ...
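An added example that serves both this AppScan finding and the Burp Cache-Control finding in "Is this a security breach?" above: it parses a raw HTTP response and reports a session cookie set without the Secure (and HttpOnly) attribute, and a response whose Cache-Control does not forbid storing it. This is not code from either question or scanner; the two responses at the bottom are constructed for illustration. The cache check exists because HTTPS by itself does not stop a browser from caching a response; only Cache-Control does.

```python
"""Check an HTTP response for two scanner findings: Set-Cookie without Secure
or HttpOnly, and Cache-Control that lets the response be stored. Added example;
the sample responses are constructed, not from any scanner report.
"""


def parse_headers(raw_response: str) -> list:
    """Split a raw response (status line + header lines) into (name, value)
    pairs with lower-cased names. Repeated headers such as Set-Cookie stay
    separate entries, which the cookie check relies on."""
    pairs = []
    for line in raw_response.strip().splitlines()[1:]:
        if not line.strip():
            break                      # blank line ends the headers
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_findings(headers: list) -> list:
    """Flag every Set-Cookie lacking the Secure or HttpOnly attribute."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower()
                 for part in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly")
    return findings


def cache_findings(headers: list) -> list:
    """Flag a response that a browser cache or a shared cache may store."""
    joined = ",".join(v for n, v in headers if n == "cache-control")
    directives = {d.strip().lower() for d in joined.split(",") if d.strip()}
    findings = []
    if "no-store" not in directives:
        findings.append("Cache-Control lacks no-store")
        if "private" not in directives:
            findings.append("Cache-Control lacks private (shared caches may store it)")
    return findings


def audit_response(raw_response: str) -> list:
    headers = parse_headers(raw_response)
    return cookie_findings(headers) + cache_findings(headers)


# Constructed responses for the weak and the corrected case.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=abc123; Path=/
Cache-Control: public, max-age=3600
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Cache-Control: no-store
Pragma: no-cache
"""

if __name__ == "__main__":
    for finding in audit_response(WEAK_RESPONSE):
        print(finding)
```

The Secure attribute is what stops a browser from sending the cookie if the same host is ever reached over plain HTTP (a typed `http://` URL, a mixed-content resource, an attacker-injected link), which is why a scanner reports it even on an all-HTTPS site. `Pragma: no-cache` is only there for HTTP/1.0 intermediaries; `no-store` is the directive that matters.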
0 votes · 1 answer · 198 views
Are cross site scripting attacks and sql injection a good topic for my thesis? [closed]
So I'm doing my undergraduate thesis. I would like to explore how cross-site scripting and SQL injections occur. And for the purpose of the thesis I'd also like to create a fictional website that is ...
1 vote · 1 answer · 212 views
How to write an authentication module for my website?
This will sound naive for sure, and it is. Being a recent college graduate, I have been wondering how average websites implement their authentication modules. I have been using a table storing ...
5 votes · 2 answers · 1k views
In C, not using 'void' if a function does not accept any argument is a potential vulnerability
In CERT secure coding standard, there is a recommendation that "Always specify void even if a function accepts no arguments". A possible security vulnerability is proposed in it.
/* Compile using ...
2 votes · 3 answers · 532 views
Top 10 dangerous mistakes in C programming? [closed]
What are the top dangerous mistakes in C programming?
For example, misusing strcpy causes a stack overflow and code injection.
I'm looking for at least 10 bad programming patterns in C.
6 votes · 3 answers · 322 views
Is initializing a variable to NULL or 0 or -1 a bad practice from a security standpoint?
I'm trying to learn a little bit about armoring an application against reverse engineering. In one article I read that initializing variables to NULL or 0 or -1 is as secure (vs RE) as using common ...
0 votes · 3 answers · 715 views
Ways to keep an AES encryption key safe? [closed]
I am using AES encryption to secure some sensitive data. For that I have to provide a certain key for encrypting and decrypting.
It's not safe to keep the key somewhere on the server. So instead of ...
-3 votes · 3 answers · 994 views
Database connection from front end
I want to know why calling a database from the front end is considered a bad practice for security.
Is it really so bad as to justify building an application layer with all its drawbacks: costs, ...
0 votes · 2 answers · 147 views
Does excluding username letters from passwords increase security?
Recently I was asked to change a password, along with a password policy which requires you to use a digit, a special character and a letter, but forbids any letter from your login name to be used for ...
-1 votes · 1 answer · 298 views
Can someone break my anti DOM-based XSS from the window location? [closed]
Can someone break my anti DOM-based XSS from the window location?
function parseparameters()
{
    var href = window.location.href;
    var id = href.indexOf('#');
    if (id ...
5 votes · 3 answers · 705 views
Setting a limit on password recovery attempts
In a setting where one has forgotten their password, I'd like to be able to limit the attempts at entering email addresses to something like 10. My first thought was to use a cookie.
$attempts = ...
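An added example, not the question's code and in Python rather than PHP, of where such a counter has to live. A cookie is stored by the client, who can delete or rewrite it, so `$attempts` in a cookie limits only cooperative users; the count must be kept server-side, keyed on something the client cannot freely change. The in-memory dict below stands in for a database or cache table, the `ManualClock` exists so the time window can be exercised without sleeping, and the limits, window and addresses are illustrative.

```python
"""Server-side limit on password-recovery attempts. Added example; the dict is
a stand-in for a shared store, and the limits and window are illustrative.
"""
import time
from collections import defaultdict


class ManualClock:
    """Clock that only moves when told to, so window expiry can be tested."""
    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


class RecoveryLimiter:
    def __init__(self, max_attempts: int = 10, window_seconds: int = 3600,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock
        self._attempts = defaultdict(list)   # key -> timestamps of attempts

    def _recent(self, key: str, now: float) -> list:
        """Drop attempts older than the window and return what is left."""
        cutoff = now - self.window
        self._attempts[key] = [t for t in self._attempts[key] if t > cutoff]
        return self._attempts[key]

    def allow(self, client_ip: str, email: str) -> bool:
        """Decide whether one more recovery request may proceed and record it
        if so. Counted per source address *and* per target address, so neither
        one source spraying many addresses nor many sources hammering one
        address stays under the limit."""
        now = self.clock()
        keys = ("ip:" + client_ip, "email:" + email.strip().lower())
        if any(len(self._recent(k, now)) >= self.max_attempts for k in keys):
            return False
        for k in keys:
            self._attempts[k].append(now)
        return True


if __name__ == "__main__":
    limiter = RecoveryLimiter(max_attempts=3, window_seconds=60)
    for attempt in range(4):
        print(attempt + 1, limiter.allow("203.0.113.5", "someone@example.com"))
```

Two things the limiter does not solve on its own: the response must look the same whether or not the e-mail address exists, or the form becomes an account-enumeration oracle; and a per-process dict is not shared between application servers, so in production the counts belong in the database or a cache the whole fleet sees.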
4 votes · 3 answers · 512 views
Is it safe to allow external images to be attached to a blog or any web content?
I am filtering all images that are attached to any content of my blog:
Check for file extension.
Check content type using $finfo = finfo_open(FILEINFO_MIME_TYPE);
I also save the image temporarily on my ...
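An added example, not the question's code and in Python rather than PHP, that carries out the two checks in the question's list (extension, then content type, done here by sniffing the leading bytes, which is what `finfo` does for the MIME type) and adds the step those checks do not cover: the file is stored under a random name whose extension comes from the sniffed content, not from the uploader. Standard library only, so the signature table is hand-maintained; the sample files are constructed byte strings, not real images, and the size limit is an assumed value.

```python
"""Validate an uploaded image: extension allow-list, content sniffing, and a
storage name the uploader did not choose. Added example, standard library
only; the samples are constructed headers, not decodable images.
"""
import secrets

# Leading bytes that identify each accepted format (hand-maintained table).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALLOWED = set(SIGNATURES)
ALIASES = {"jpeg": "jpg"}
MAX_BYTES = 5_000_000        # assumed limit


def sniff_image_type(data: bytes):
    """Return the format whose signature the data starts with, else None."""
    for kind, sigs in SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None


def validate_upload(original_name: str, data: bytes):
    """Return (accepted, detail): on success detail is the filename to store
    under, on rejection it is the reason."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    ext = original_name.rsplit(".", 1)[-1].lower() if "." in original_name else ""
    ext = ALIASES.get(ext, ext)
    if ext not in ALLOWED:
        return False, "extension not allowed"
    sniffed = sniff_image_type(data)
    if sniffed is None:
        return False, "content is not a recognised image"
    if sniffed != ext:
        return False, f"extension .{ext} does not match content ({sniffed})"
    # Random name: no path traversal, no double extension, no guessable URL,
    # and the extension is the one the bytes justify.
    return True, f"{secrets.token_hex(16)}.{sniffed}"


# Constructed samples (headers plus padding, not real images).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(32)
GIF_SAMPLE = b"GIF89a" + bytes(32)
PHP_SAMPLE = b"<?php echo 'not an image'; ?>"

if __name__ == "__main__":
    for name, data in [("holiday.PNG", PNG_SAMPLE), ("shell.php.jpg", PHP_SAMPLE),
                       ("cat.jpg", PNG_SAMPLE)]:
        print(name, validate_upload(name, data))
```

What these checks cannot catch is a perfectly valid JPEG that also carries a script in a comment or EXIF field, so the remaining controls are about where and how the file is served: keep uploads outside any directory where the web server executes scripts, serve them with a fixed image Content-Type and `X-Content-Type-Options: nosniff`, and, if an image library is available, re-encode the picture so that nothing but pixels survives. If "external" means the image is fetched from a URL the user supplies, that fetch needs its own controls; the checks here only cover the bytes once you have them.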
4 votes · 1 answer · 199 views
What are possible consequences for applications that depend on Safe Mode for security?
PHP finally removed the safe_mode feature:
Safe Mode
Warning
This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
The PHP safe mode is an attempt to solve the ...
1 vote · 5 answers · 447 views
Can hackers find secret tokens passed to HTTP GET requests?
I have some code like this in index.php:
if(isset($_GET['something'])){
    //do something
}
Can hackers find this and request index.php?something, or is this sufficient for security?
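An added example, not the question's code and in Python rather than PHP. The check in the question grants access to anyone who knows a parameter name, and names are not secrets: they appear in server logs, browser history, Referer headers and proxies, and failing all that they are guessed from wordlists. The block shows the weak pattern with a guessing loop run against it, then a gate that requires possession of an unguessable random token and stores only the token's hash. The wordlist and the `token` parameter name are this example's choices.

```python
"""Authorisation by a parameter's presence versus by an unguessable token.
Added example; the wordlist and parameter names are illustrative.
"""
import hashlib
import secrets
from urllib.parse import parse_qs


def weak_is_authorised(query_string: str) -> bool:
    """index.php?something -- the question's pattern: access granted by the
    mere presence of a parameter name."""
    return "something" in parse_qs(query_string, keep_blank_values=True)


def guess_parameter(check, wordlist):
    """What an attacker does against the weak check: try candidate names until
    the response changes. Returns the first accepted name, or None."""
    for name in wordlist:
        if check(name):
            return name
    return None


class TokenGate:
    """Authorise by possession of a 256-bit random token passed as ?token=...
    Only SHA-256 hashes of issued tokens are kept, so a leaked store does not
    hand out working tokens."""

    def __init__(self):
        self._hashes = set()

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self) -> str:
        token = secrets.token_urlsafe(32)        # URL-safe, no encoding needed
        self._hashes.add(self._digest(token))
        return token

    def revoke(self, token: str) -> None:
        self._hashes.discard(self._digest(token))

    def is_authorised(self, query_string: str) -> bool:
        values = parse_qs(query_string).get("token", [])
        if len(values) != 1:
            return False
        # Hashes are compared, not tokens: a timing difference here would at
        # most leak the hash, which does not help in recovering the token.
        return self._digest(values[0]) in self._hashes


if __name__ == "__main__":
    wordlist = ["debug", "admin", "test", "something", "dev"]
    print("weak check guessed:", guess_parameter(weak_is_authorised, wordlist))
    gate = TokenGate()
    link = "index.php?token=" + gate.issue()
    print(link, gate.is_authorised(link.split("?", 1)[1]))
    print("gate guessed:", guess_parameter(gate.is_authorised, wordlist))
```

Even a strong token in a GET URL still lands in logs, history and Referer headers, so where the action matters, carry the secret in a POST body or a header, or make the token short-lived and single-use (call `revoke` after it is spent).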
0 votes · 2 answers · 302 views
CMS security issues
I have a desire to make my own CMS, to improve my programming skills. I would use PHP as the server-side programming language.
So my question is, what security issues must I pay attention to when ...