All Questions
0 votes, 1 answer, 107 views

Do I need to implement additional security measures for my self-hosted container web app?

Could you please suggest whether I need to do anything else to ensure that my server is secure against the most common attacks? Currently it seems fine to me, but I would highly appreciate it if someone with ...

asked by dooshnila
1 vote, 1 answer, 188 views

What information should I collect when a user performs an action on a website? [closed]

In the development of an organization's web system (containing sensitive information) with credentials, where the actions carried out must be monitored, what information should I keep when each action ...

asked by John
2 votes, 1 answer, 694 views

Getting numerous HEAD requests by Java user agents to resources that require authentication to view within a web application. Should I block them?

I have recently started using Cloudflare's firewall in front of a web application. This app has a limited user base of selected applicants and they must log in to view anything. There is no public ...

asked by BadHorsie
1 vote, 1 answer, 415 views

Security and the Definition of Ready and Done [closed]

Currently I am in a project where I have to test REST APIs, among other things. In another question of mine I also discussed the topics Definition of Ready and Definition of Done regarding security. ...

asked by Mornon
1 vote, 2 answers, 7k views

Is it possible to bypass this XSS filter?

I was creating an XSS filter for my node plugin. Is there any way to bypass it? If yes, how can I prevent it? function xSSFilter(str) { return str .replace(/&/g, '&amp;') ...

asked by Sam
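The excerpt above cuts off after the first replacement, so it cannot be judged on its own. As an added example (not the asker's code and not one of the posted answers), here is a complete HTML-escaping helper of the kind that snippet starts to build, next to two ways such a filter typically goes wrong: replacing '&' after the other characters (which double-encodes the output), and relying on entity escaping in a context where no special characters are needed at all, such as an unquoted attribute. The probe strings are constructed for this example; the helper names are my own.

```javascript
// Escape the five characters that can terminate HTML text or a quoted attribute.
// '&' must be replaced first: later replacements introduce '&', and handling it
// afterwards would turn '<' into '&amp;lt;' instead of '&lt;'.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Same five replacements, but with '&' handled last. Kept here only to show
// the double-encoding bug; do not use it.
function escapeAmpersandLast(str) {
  return String(str)
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/&/g, '&amp;');
}

// A deliberately incomplete filter that only strips tags, as a contrast:
// it stops "<script>" but leaves quotes alone.
function weakFilter(str) {
  return String(str).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Constructed probe inputs (not from the original question).
const PROBES = [
  '<script>alert(1)</script>',           // classic tag injection
  '" onmouseover="alert(1)',            // breaks out of a double-quoted attribute
  "' onfocus='alert(1)' autofocus='",   // breaks out of a single-quoted attribute
  '&lt;img src=x onerror=alert(1)&gt;', // pre-encoded input must stay inert
];

// Run the filter and check whether the output can still inject markup when it
// is placed in element text or inside a double-quoted attribute value.
// The detector is deliberately crude: it looks for a surviving tag opener, or
// for a quote followed by an event-handler attribute.
function rendersUnsafely(filter, input) {
  const filtered = filter(input);
  const asAttr = `<input value="${filtered}">`;
  const leaksTag = /<[a-z/]/i.test(filtered);
  const leaksQuote = /"\s+on\w+=/.test(asAttr);
  return leaksTag || leaksQuote;
}

// Even a correct HTML escaper is not enough for an unquoted attribute: adding a
// new attribute there needs only a space and '=', none of which are escaped.
function unquotedAttrIsUnsafe(filter, input) {
  const markup = `<input value=${filter(input)}>`;
  return /\s+on\w+=/.test(markup);
}
```

The general rule the example illustrates: an output encoder is only correct for one context. The escaper above covers HTML text and quoted attribute values; unquoted attributes, inline JavaScript, URL components and CSS each need their own encoder, and the safest option is to always quote attributes and never build inline scripts from user data.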
1 vote, 2 answers, 286 views

Is it common to be audited for security, but not be given access to the audit results?

When does it make sense, or is it common, to not be given access to security audit results/reports when dealing with large companies who use your software? How can a case be made for the benefits of ...

asked by Ray
2 votes, 1 answer, 135 views

Security Implications of PHPCSS Files ( Dynamic CSS using PHP )

I'm working on a website where I need to allow the user to change multiple CSS values in their CMS. I need to read these values back to the browser in CSS and ran across an "easy" way to do just that ...

asked by Howdy_McGee
1 vote, 1 answer, 626 views

Security in transferring sensitive data over web apps

I am working on an app that has to transfer sensitive data over HTTPS and I have an idea, but I am wondering if it is overkill or good. One of the issues is I need the ability to "share data" between ...

asked by Steven
8 votes, 2 answers, 2k views

Why do several bug bounties ignore user enumeration?

While viewing bug bounties, I noticed that most of the bug bounties list user enumeration in the exclusions list. For instance, brute forcing user accounts and forgot-password forms would generally ...

asked by BlueBerry - Vignesh4303
0 votes, 1 answer, 125 views

Are There Any Measurements for Web-Application Complexity That Positively Correlate to Num. Vulnerabilities?

Web applications have vulnerabilities. Generally, a more complex web application has more vulnerabilities compared with a simpler and smaller web application. For example, white hat hackers have ...

asked by ZillGate
0 votes, 2 answers, 172 views

How insecure should I assume old PHP code is? [closed]

We have several client-facing websites at a very large company. These websites do gather client information. They were written 6-7 years ago, quite possibly using a PHP/MySQL code generator....

asked by blankip
3 votes, 2 answers, 10k views

What's the most secure way to save a Connection String in a Windows Forms application?

I just started at a new company where they develop Windows Forms applications using .NET technologies and VB.NET, of course. They use SQL Server databases. The BIG issue is that they store the ...

asked by NathanWay
1 vote, 2 answers, 628 views

Precautions for a web application security audit

We have planned to give our web application to a third-party vendor. What precautionary measures do we need to take before giving our application to the third-party vendor? As the vendor ...

asked by BlueBerry - Vignesh4303
9 votes, 3 answers, 1k views

How to work effectively to win bug bounties?

I really want to prove myself (to my parents) by winning a proper bug bounty. How should I best prepare for this and go about actually finding bugs? Edit: So can anyone give some websites which ...

asked by emberfang
-1 votes, 3 answers, 892 views

How do I communicate security issues encountered on an online banking platform?

Occasionally, I've produced (and reproduced) an HTTP 500 Internal Server Error on an online banking platform, quite a famous one. I suppose the errors are due to bugs in back-end code, possibly ...

asked by Igor