User Mike Samuel - Information Security Stack Exchange

28 votes

Who is responsible for the strength of user's passwords?

answered Aug 22, 2011 at 17:53

18 votes

Authenticating without a database

answered Jun 26, 2014 at 11:34

13 votes

Accepted

What is the danger of Reflected Cross Site Scripting?

answered Aug 28, 2012 at 17:45

11 votes

When is it appropriate to SSL Encrypt Database connections?

answered Apr 30, 2012 at 16:27

10 votes

Is this much distrust really necessary?

answered Sep 20, 2011 at 22:02

10 votes

What steps do Gmail, Yahoo! Mail, and Hotmail take to prevent eavesdropping on email?

answered Aug 22, 2011 at 22:52

10 votes

Accepted

Are the iPhone "connect the dots" passwords secure?

answered Aug 11, 2011 at 21:44

10 votes

At what point does "hacking" become illegal? (US)

answered Aug 17, 2011 at 18:22

10 votes

What to add to a repeating security checklist?

answered Aug 19, 2011 at 1:41

10 votes

Google hacking - why "numrange" is so dangerous?

answered Aug 22, 2011 at 1:43

9 votes

Accepted

Risks of Using Google Native Client

answered Nov 19, 2010 at 2:31

9 votes

Open Problems in Security?

answered Feb 8, 2012 at 22:44

8 votes

Why should I restrict the content type of files be uploaded to my site?

answered Feb 9, 2012 at 21:44

8 votes

What file formats are known to be unsafe?

answered Oct 24, 2011 at 13:32

8 votes

Accepted

XSS inside CSS when " is encoded?

answered Sep 4, 2012 at 21:27

7 votes

When registering for most websites, why do you need to confirm your email address?

answered Aug 16, 2012 at 6:40

7 votes

Does an established HTTPS connection mean a line is really secure?

answered Sep 1, 2014 at 17:00

7 votes

Accepted

Need an overview of web service / web site security world, where do I start?

answered Sep 10, 2011 at 0:46

6 votes

How to disclose a security vulnerability in an ethical fashion?

answered Aug 24, 2011 at 20:54

6 votes

IT Security Learning Path

answered Aug 23, 2011 at 18:59

6 votes

Escaping JavaScript constants

answered Jan 10, 2011 at 12:49

6 votes

Solution to allow JavaScript input but prevent XSS

answered Jun 30, 2011 at 22:44

6 votes

Accepted

WebServices Security

answered Aug 3, 2011 at 2:52

6 votes

How to verify that someone is who they say they are online?

answered Aug 26, 2012 at 20:30

6 votes

My company policy states I must put all passwords in a password safe shared with management. Is this secure?

answered Oct 18, 2012 at 3:32

5 votes

How do I log everything a certain program is doing?

answered Nov 14, 2011 at 17:01

5 votes

Are SSL certificates from a CA necessary for secure communication?

answered Oct 24, 2011 at 22:09

5 votes

What are the pros and cons of site wide SSL (https)?

answered Oct 26, 2011 at 14:42

4 votes

How to improve as a security expert

answered Sep 29, 2011 at 23:44

4 votes

Is it possible to forge a post request?

answered Oct 13, 2011 at 21:21

Stack Exchange Network

70 Answers

Who is responsible for the strength of user's passwords?

Authenticating without a database

What is the danger of Reflected Cross Site Scripting?

When is it appropriate to SSL Encrypt Database connections?

Is this much distrust really necessary?

What steps do Gmail, Yahoo! Mail, and Hotmail take to prevent eavesdropping on email?

Are the iPhone "connect the dots" passwords secure?

At what point does "hacking" become illegal? (US)

What to add to a repeating security checklist?

Google hacking - why "numrange" is so dangerous?

Risks of Using Google Native Client

Open Problems in Security?

Why should I restrict the content type of files be uploaded to my site?

What file formats are known to be unsafe?

XSS inside CSS when " is encoded?

When registering for most websites, why do you need to confirm your email address?

Does an established HTTPS connection mean a line is really secure?

Need an overview of web service / web site security world, where do I start?

How to disclose a security vulnerability in an ethical fashion?

IT Security Learning Path

Escaping JavaScript constants

Solution to allow JavaScript input but prevent XSS

WebServices Security

How to verify that someone is who they say they are online?

My company policy states I must put all passwords in a password safe shared with management. Is this secure?

How do I log everything a certain program is doing?

Are SSL certificates from a CA necessary for secure communication?

What are the pros and cons of site wide SSL (https)?

How to improve as a security expert

Is it possible to forge a post request?