User alecxe - Information Security Stack Exchange

90 votes

7 answers

69k views

Does a CSRF cookie need to be HttpOnly?

asked Dec 15, 2017 at 4:01

46 votes

3 answers

10k views

Should we keep logs forever to investigate past data breaches?

asked Dec 20, 2017 at 16:53

34 votes

2 answers

8k views

HTML login form without a CSRF protection

asked Dec 13, 2017 at 17:50

8 votes

3 answers

510 views

Proving the need to upgrade Django

asked Dec 21, 2016 at 19:35

8 votes

3 answers

1k views

Continuous SQL injection testing

asked Dec 19, 2017 at 1:57

8 votes

3 answers

1k views

Recent ESLint hack or how can we protect ourselves from installing malicious npm packages?

asked Jul 13, 2018 at 1:57

7 votes

1 answer

13k views

Self-signed certificate for a IdP-initiated SAML SSO

asked Dec 22, 2016 at 17:56

3 votes

1 answer

1k views

Is mod_reqtimeout a sufficient and safe technique to mitigate Slow HTTP DoS Attacks?

asked Dec 13, 2017 at 18:05

3 votes

1 answer

554 views

Is using online SQL prettifiers considered safe?

asked Dec 14, 2017 at 21:59

3 votes

2 answers

631 views

Is it possible to block non-PyPI requests during pip install?

asked Dec 27, 2018 at 4:38

3 votes

1 answer

2k views

Port-forwarding to a web server on Raspberry Pi

asked Dec 23, 2017 at 5:13

1 vote

1 answer

1k views

Securing Flask admin pages

asked Dec 30, 2018 at 5:16

0 votes

1 answer

853 views

How dangerous is it to allow local connections to remote selenium servers?

asked Dec 26, 2017 at 18:20

0 votes

1 answer

175 views

When does a company need to hire a dedicated security specialist? [closed]

asked Dec 21, 2017 at 2:57

Stack Exchange Network

14 Questions

Does a CSRF cookie need to be HttpOnly?

Should we keep logs forever to investigate past data breaches?

HTML login form without a CSRF protection

Proving the need to upgrade Django

Continuous SQL injection testing

Recent ESLint hack or how can we protect ourselves from installing malicious npm packages?

Self-signed certificate for a IdP-initiated SAML SSO

Is mod_reqtimeout a sufficient and safe technique to mitigate Slow HTTP DoS Attacks?

Is using online SQL prettifiers considered safe?

Is it possible to block non-PyPI requests during pip install?

Port-forwarding to a web server on Raspberry Pi

Securing Flask admin pages

How dangerous is it to allow local connections to remote selenium servers?

When does a company need to hire a dedicated security specialist? [closed]