User AviD - Information Security Stack Exchange

943 votes

11 answers

328k views

How to securely hash passwords?

asked Nov 12, 2010 at 12:36

168 votes

3 answers

88k views

What are rainbow tables and how are they used?

asked Nov 16, 2010 at 7:26

77 votes

1 answer

71k views

What is the difference between RBAC and DAC/ACL?

asked Nov 14, 2010 at 19:27

48 votes

2 answers

16k views

Criteria for Selecting an HSM

asked May 30, 2013 at 9:46

35 votes

6 answers

10k views

Does it matter which Certificate Authority I source my SSL Certificate from?

asked Nov 11, 2010 at 23:42

32 votes

3 answers

34k views

Authenticating a Proxy server over HTTPS

asked Nov 4, 2012 at 1:22

22 votes

3 answers

907 views

Startup security

asked Nov 12, 2010 at 12:49

22 votes

3 answers

6k views

White-box vs. Black-box

asked Nov 12, 2010 at 12:43

19 votes

6 answers

6k views

Automated tools vs. Manual reviews

asked Nov 12, 2010 at 12:47

19 votes

4 answers

10k views

What tools are there to inspect Flash SWF files?

asked Nov 16, 2010 at 7:31

17 votes

3 answers

4k views

Multi-tenancy, SSL Certificates, and Subject Alternative Name

asked Jun 6, 2013 at 8:30

16 votes

2 answers

2k views

How can I test my web application for timing attacks?

asked Nov 16, 2010 at 7:34

16 votes

5 answers

48k views

Multiple VPN clients in parallel

asked Feb 8, 2011 at 10:29

15 votes

8 answers

19k views

Secure memcpy for pure C

asked Apr 20, 2011 at 12:01

14 votes

3 answers

654 views

What risk analysis methodologies should I use?

asked Nov 17, 2010 at 1:14

14 votes

4 answers

311 views

Is external vuln scanning sufficient?

asked Nov 12, 2010 at 12:39

12 votes

3 answers

9k views

Is null-byte injection possible in Java filenames?

asked Nov 16, 2010 at 7:23

11 votes

8 answers

1k views

iPhone Tracking debacle - risks and countermeasures

asked Apr 26, 2011 at 20:28

10 votes

2 answers

333 views

Cloud-specific standards and regulations

asked Feb 21, 2012 at 10:49

9 votes

2 answers

718 views

Backup schedule for Encryption Keys

asked May 16, 2013 at 14:12

7 votes

1 answer

2k views

Hadoop security, isolation, and hardening

asked Feb 16, 2012 at 16:41

7 votes

4 answers

8k views

Does default ModSecurity protect enough against XSS?

asked Apr 10, 2011 at 10:50

7 votes

8 answers

579 views

Topics for SecureCoding course in C

asked Apr 14, 2011 at 13:11

7 votes

2 answers

653 views

What key metrics should a CIO rely on to gauge the extent of IT risk exposure?

asked Nov 17, 2010 at 1:17

6 votes

2 answers

3k views

FrameBusting script

asked Nov 21, 2010 at 1:26

5 votes

4 answers

1k views

What issues are most important to cover in Corporate Security Policy?

asked Nov 17, 2010 at 1:07

5 votes

2 answers

2k views

How does OWASP ESAPI protect against direct object reference vulnerabilities?

asked Nov 16, 2010 at 7:28

2 votes

1 answer

3k views

Buffer Overflow on Raspberry PI

asked Dec 22, 2013 at 9:29

1 vote

2 answers

809 views

AntiXSS for ASP.NET 1.1

asked Mar 22, 2011 at 22:44

Stack Exchange Network

29 Questions

How to securely hash passwords?

What are rainbow tables and how are they used?

What is the difference between RBAC and DAC/ACL?

Criteria for Selecting an HSM

Does it matter which Certificate Authority I source my SSL Certificate from?

Authenticating a Proxy server over HTTPS

Startup security

White-box vs. Black-box

Automated tools vs. Manual reviews

What tools are there to inspect Flash SWF files?

Multi-tenancy, SSL Certificates, and Subject Alternative Name

How can I test my web application for timing attacks?

Multiple VPN clients in parallel

Secure memcpy for pure C

What risk analysis methodologies should I use?

Is external vuln scanning sufficient?

Is null-byte injection possible in Java filenames?

iPhone Tracking debacle - risks and countermeasures

Cloud-specific standards and regulations

Backup schedule for Encryption Keys

Hadoop security, isolation, and hardening

Does default ModSecurity protect enough against XSS?

Topics for SecureCoding course in C

What key metrics should a CIO rely on to gauge the extent of IT risk exposure?

FrameBusting script

What issues are most important to cover in Corporate Security Policy?

How does OWASP ESAPI protect against direct object reference vulnerabilities?

Buffer Overflow on Raspberry PI

AntiXSS for ASP.NET 1.1