User Benoit Esnard - Information Security Stack Exchange

220 votes

Accepted

Can ads on a page read my password?

answered Aug 6, 2019 at 16:05

157 votes

Accepted

How to find out what programming language a website is built in?

answered Mar 11, 2016 at 10:54

154 votes

Accepted

Exploiting the delay when a festival ticket is scanned

answered Jul 29, 2019 at 11:32

87 votes

Accepted

Why is this certificate for Imgur only valid for one day?

answered May 5, 2018 at 15:55

83 votes

Accepted

What are the cons of stateless password generators?

answered Jul 29, 2019 at 19:24

61 votes

Accepted

What vulnerability is a math operation in an HTTP request trying to exploit?

answered May 2, 2023 at 14:53

61 votes

Accepted

Is it safe to check password against the HIBP Pwned Passwords API during account registration?

answered Mar 12, 2018 at 15:30

61 votes

Accepted

What's the point in hashing phone numbers?

answered Mar 15, 2018 at 14:48

52 votes

Accepted

How bad would a partial hash leak be, realistically?

answered May 31, 2019 at 17:39

44 votes

Accepted

Website seeing my Facebook data?

answered Feb 25, 2019 at 9:42

43 votes

Security of my homebrew hash algorithm

answered Apr 17, 2017 at 14:56

42 votes

Accepted

Accessing multiple sites via HTTPS produces different, unrelated content (Peugeot club via HTTPS)

answered Mar 6, 2018 at 11:38

40 votes

Accepted

Predicting Math.random() numbers?

answered Jan 11, 2016 at 5:32

38 votes

Accepted

Running code generated in realtime in JavaScript with eval()

answered Aug 13, 2019 at 12:26

36 votes

John the ripper password cracked or not?

answered Jun 15, 2021 at 13:31

28 votes

Am I experiencing a brute force attack?

answered Jan 15, 2016 at 10:29

26 votes

Can I simply search-replace < and >?

answered Jan 15, 2016 at 8:42

14 votes

How do you prevent sending cookie data over HTTP the first time?

answered Mar 12, 2018 at 20:27

13 votes

Blocking people from taking pictures of me with smartphone

answered Aug 9, 2019 at 9:09

12 votes

Do 2FA sites leak info by confirming a correct password guess?

answered Jun 3, 2016 at 18:45

11 votes

Accepted

Is this a phishing link?

answered May 5, 2017 at 21:15

11 votes

Why didn't OSes securely delete files right from the beginning? And why do they still not do this?

answered Jan 15, 2016 at 14:22

10 votes

Do XSS attempts leave any trace on the server?

answered Mar 15, 2018 at 13:43

10 votes

Global variables and information security

answered Sep 3, 2019 at 8:16

10 votes

Accepted

Should CVE be assigned to an application even if the vulnerability is in a vulnerable 3rd-party library?

answered Mar 11, 2021 at 13:37

9 votes

Accepted

Is CSP meant to be used with HTTPS (TLS) only?

answered Nov 23, 2021 at 14:37

9 votes

Is that a good idea? - Firefox/Chrome in-content encryption

answered Mar 22, 2019 at 10:34

9 votes

Accepted

How is SHA-1 insecure if it is not vulnerable to what MD5 is?

answered Mar 16, 2016 at 22:04

8 votes

When can you not use strcmp?

answered Jan 12, 2016 at 12:42

8 votes

Any non alert() based non malicious XSS payloads?

answered Jan 22, 2016 at 11:01

Stack Exchange Network

118 Answers

Can ads on a page read my password?

How to find out what programming language a website is built in?

Exploiting the delay when a festival ticket is scanned

Why is this certificate for Imgur only valid for one day?

What are the cons of stateless password generators?

What vulnerability is a math operation in an HTTP request trying to exploit?

Is it safe to check password against the HIBP Pwned Passwords API during account registration?

What's the point in hashing phone numbers?

How bad would a partial hash leak be, realistically?

Website seeing my Facebook data?

Security of my homebrew hash algorithm

Accessing multiple sites via HTTPS produces different, unrelated content (Peugeot club via HTTPS)

Predicting Math.random() numbers?

Running code generated in realtime in JavaScript with eval()

John the ripper password cracked or not?

Am I experiencing a brute force attack?

Can I simply search-replace < and >?

How do you prevent sending cookie data over HTTP the first time?

Blocking people from taking pictures of me with smartphone

Do 2FA sites leak info by confirming a correct password guess?

Is this a phishing link?

Why didn't OSes securely delete files right from the beginning? And why do they still not do this?

Do XSS attempts leave any trace on the server?

Global variables and information security

Should CVE be assigned to an application even if the vulnerability is in a vulnerable 3rd-party library?

Is CSP meant to be used with HTTPS (TLS) only?

Is that a good idea? - Firefox/Chrome in-content encryption

How is SHA-1 insecure if it is not vulnerable to what MD5 is?

When can you not use strcmp?

Any non alert() based non malicious XSS payloads?