
Questions tagged [attack-prevention]

prevention of an attack vector (e.g. XSS, HPP, CSRF)

0 votes
1 answer
476 views

Is polyfill.io still an immediate threat?

Polyfill.io is malicious: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6 https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-...
telion • 111
0 votes
2 answers
150 views

Is it possible to send data from an open-source program but make it impossible for a user with source code to do the same?

If I want to store a global scoreboard for a game running locally on the user's computer and I want to make sure that all the requests coming to the server are really generated by the game and not ...
Reverent Lapwing
0 votes
0 answers
137 views

Is this a safe setup to prevent email account hack?

I would like to protect a Gmail account from being hacked. Suppose I use the following approach for login/authentication: Username, Password 2FA via security stick the stick is in a place that is not ...
fkarger • 21
0 votes
1 answer
172 views

React chars to HTML encode?

I've observed that React can HTML encode specific characters to prevent XSS vulnerabilities in certain contexts. For instance, consider the following code in App.jsx: function App() { const ...
BooRuleDie
2 votes
1 answer
223 views

API key embedded in clients: how to defend against over-usage?

I am new to client-side development and I have a naive question. Right now, I'm using Google APIs (the map ones). If I want my client-side application / webapp to display a map, I would include ...
Rififi • 157
0 votes
0 answers
79 views

Can already opened event logs of PowerShell's event properties screens on Windows be hacked by hackers in milliseconds?

I am wondering about some issues with the event log safety of PowerShell. I think it is possible to alter PowerShell itself. But theoretically the event log should show us every attempt made in PowerShell ...
kurosakichigoo
1 vote
1 answer
158 views

Measures to safeguard against ZeroFont phishing attack

What measures can be taken to safeguard against ZeroFont phishing attacks (setting font size to zero), and how can email security settings assist in the detection of ZeroFont elements and the ...
Maideen Asbak
0 votes
1 answer
501 views

Getting a couple of remote login and calls into Ubuntu server?

I have an Ubuntu server (Ubuntu 22.10 x64) on Digital Ocean. And I am using fastapi, uvicorn, gunicorn and nginx as I used it for my backend API calls from my frontend and my frontend IP is dynamic. ...
felix • 1
47 votes
2 answers
12k views

Does rebooting a phone daily increase your phone's security?

Recently, the Australian Prime Minister Anthony Albanese gave some advice to regularly reboot your phone to boost its security. Apparently this advice is somewhat commonly given to legislators. This ...
Cold Fish • 573
1 vote
1 answer
117 views

Do frequently crashing programs pose a bigger security threat than stable programs?

If I have an app that's frequently and randomly crashing, will it impose a bigger security threat (e.g: possible attack vector) than apps that are stable? Or are both apps equally protected from such ...
AvidSeeker
0 votes
2 answers
280 views

Protection against user session attacks (hijack, replay, tampering, CSRF, XSS...)

We develop a website in JAMStack; all URLs are static HTML pages, and each interaction with the server is made by a fetch call on our REST API (micro-services). When a user signs in, we want to ...
lakano • 157
0 votes
1 answer
455 views

Does core isolation protect me against malware?

Does Windows 11 core isolation protect me against malware or does it have nothing to do with it? For example, an unsophisticated hacker with Metasploit, nmap, msfvenom or tools like that could create ...
carlos navarrete
1 vote
0 answers
135 views

Is someone accessing my win10 computer?

I have been wondering if someone is accessing my system and, after using some basic assessment tools like netstat and Event Viewer, found some unusual open ports (12345) and special Logon! below ...
M D • 11
0 votes
1 answer
139 views

What are the security issues of being able to put anything into a website's URL and generate a 200 status code?

If I have a website where a user can add any string into the URL after the domain and have it return a 200 status code rather than 404, what are the security implications? Is this something that can ...
donny • 1
1 vote
0 answers
77 views

Pre-Hijacking Mitigation

I want to create a website with password login and social login (e.g. Google only.) For password login, first I will send a verification email. I want to prevent pre-hijacking. For those who do not ...
ihsan çiftci
