Questions tagged [vulnerabilities]
The vulnerabilities tag has no summary.
14 questions
27votes
9answers
8kviews
Is it a security vulnerability to declare class members as public?
I have always wondered whether public, protected, and private has security implications post compilation. Hypothetically: class Foo { public: int m_Foo; // Completely vulnerable and dangerous ...
- 3,633
3votes
1answer
164views
How do projects manage security with so many dependencies in open source projects?
Some node.js libraries (just as an example) can pull in literally hundreds of dependencies. Some of these dependencies are small packages that only have one contributor. Often times the contributor ...
9votes
3answers
3kviews
Ensure unsafe code is not used accidentally
A function f() uses eval() (or something as dangerous) with data which I created and stored in local_file on the machine running my program: import local_file def f(str_to_eval): # code.... ...
- 479
41votes
13answers
9kviews
How safe is it to compile a piece of source code from a random stranger? [closed]
Suppose I'm reviewing code that job applicants send to prove their skills. Clearly I don't want to run executables they send. Not so clearly I'd rather not run the result of compilation of their code (...
- 4,377
-2votes
1answer
152views
Is software inherently buggy and hence, vulnerable? [duplicate]
Could no amount of formal analysis, type/rule checking prevent it's exploitation? How about a fully verified kernel such as SEL4 ?
- 97
2votes
1answer
746views
How to check for vulnerabilities in web application [closed]
I have developed a web application using zend framework, mysql, and other client side technologies like javascript, jquery ajax, kendo grid, and so on. I have completed development and have done ...
- 131
5votes
0answers
124views
What To Do If I've Found a Vulnerability In a Possible Future Employers Site? [duplicate]
I've been self employed for a long time now and have recently decided that PHP development within a company is the route I'd like to go down. I had an initial interview/meeting yesterday with a ...
- 289
1vote
2answers
788views
What is the story behind Java Vulnerabilities?
I always appreciated the Java language. It is known as a very secure platform and many banks use it in their web applications. I wanted to build a project for my school and I discussed the options ...
- 63
23votes
9answers
5kviews
Why is it so difficult to make C less prone to buffer overflows?
I'm doing a course in college, where one of the labs is to perform buffer overflow exploits on code they give us. This ranges from simple exploits like changing the return address for a function on a ...
- 860
5votes
3answers
357views
Examining source code for maliciousness and security vulnerabilities
What are some techniques in determining if a particular piece of source code is malicious or vulnerable to malicious attack? I am currently using cppcheck and I am waiting on an install of Rational ...
- 3,228
14votes
4answers
12kviews
What are the security risks/vulnerabilities every C programmer must be aware of? [closed]
There are many security risks coming from having close contact to the hardware as opposed to using well-tested and proved APIs from high level programming languages. It is much easier to cause a ...
- 11.2k
5votes
4answers
471views
Small projects using the cathedral model: does open-source lower security?
We know of Linus' law: With enough eyeballs all bugs are shallow In general, people seem to say that open-source software is more secure because of that very thing, but... There are many small OSS ...
- 11.2k
38votes
14answers
7kviews
What to do if you find a vulnerability in a competitor's site?
While working on a project for my company, I needed to build functionality that allows users to import/export data to/from our competitor's site. While doing this, I discovered a very serious security ...
6votes
5answers
2kviews
Is it safe to display information about old passwords on login failure?
When I changed my Facebook password yesterday, by mistake I entered the old one and got this: Am I missing something here or this is a big potencial risk for users. In my opinion this is a problem ...
- 604
