Information Security Stack Exchange

0votes

1answer

539views

OAuth alternative for two-party scenario?

CommunityBot

1

modified 59 mins ago

1vote

1answer

287views

Using AWS System Manager Parameter Store SecureString in config file in ec2

CommunityBot

1

modified 6 hours ago

0votes

0answers

17views

For AES-GCM, why do protocols not use the nonce to prevent replay attacks? [migrated]

Coffe

1

asked 7 hours ago

1vote

1answer

5kviews

Can I create an SSL certificate on windows signed with the machine's certificate?

Jenni Skott

1

modified 8 hours ago

2votes

0answers

53views

Impossible optimization in IKE Intermediate RFC?

hakoja

129

asked yesterday

3votes

1answer

606views

How to detect malicious actor altering DNS responses?

CommunityBot

1

modified yesterday

2votes

1answer

2kviews

Apple Mail versus GMail app content security

CommunityBot

1

modified yesterday

-3votes

0answers

86views

How to know whether a plate number is being faked or not? [closed]

Martheen

1,146

modified yesterday

2votes

1answer

122views

Extract CRT and KEY from signed PEM file without the openssl tool

Steffen Ullrich

211k

answered yesterday

10votes

2answers

3kviews

What are the preferred ways to exchange public keys physically?

Glorfindel

2,295

modified yesterday

1vote

1answer

580views

AES ECB cookie bypass

RainnyD

1

modified yesterday

0votes

0answers

21views

How can I stop C code from debugging while it's being compiled using GCC? [closed]

schroeder♦

133k

modified yesterday

4votes

2answers

647views

Are truncated SHA-256 hashes safe enough when collisions are not a risk?

Steffen Ullrich

211k

modified yesterday

0votes

0answers

28views

Can my work see my BitTorrent downloads on a personal device when logged into the company WiFi? [closed]

Plump Wagon

1

asked yesterday

6votes

2answers

128views

Can a nonconformity be raised against a control - for ISMS audit based on ISO 27001?

Whookiee

21

answered yesterday

0votes

0answers

24views

Creating a pentester tool in c/c++ that's used for controlled sections like bug bounty programs? [closed]

schroeder♦

133k

modified 2 days ago

3votes

1answer

366views

Is it safe for website to generate fake profile pages?

CommunityBot

1

modified 2 days ago

3votes

1answer

29views

How to migrate an OLD Yubikey with an OLD PGP key to a NEW Yubikey with a NEW PGP Key? Cross-signing, certifying, etc

Ja1024

33.7k

modified 2 days ago

2votes

2answers

1kviews

tunnelling HTTP request through DMZ from a secured area

CommunityBot

1

modified 2 days ago

9votes

3answers

2kviews

Overlap for One-Time Passwords

Maarten Bodewes

4,983

modified 2 days ago

2votes

1answer

642views

HTTP Headers: Document Policy vs. Permissions-Policy/Feature-Policy

CommunityBot

1

modified 2 days ago

2votes

1answer

3kviews

how to generate RSAES-OAEP keys?

CommunityBot

1

modified 2 days ago

0votes

0answers

18views

Issues consuming HTTP FastAPI from HTTPS-embedded widget (frontend fetch)

Angel Panda

1

asked 2 days ago

0votes

0answers

23views

Checkmarx seeing vulnerabilities in DLL files but the package has already been updated

willie revillame

1

asked 2 days ago

1vote

1answer

277views

How does DNSCurve protect against forgery in a man-in-the-middle attack scenario?

CommunityBot

1

modified Apr 25 at 12:09

0votes

0answers

51views

Sanity check on how bad my router's VPN is [closed]

schroeder♦

133k

modified Apr 25 at 10:11

2votes

1answer

176views

For the same private key, I have two slightly different public keys. Is it normal?

Maarten Bodewes

4,983

modified Apr 25 at 9:42

2votes

2answers

164views

What's the point of users having to authorize their SSH keys and tokens they created themselves when SAML single sign-on is enabled on GitHub?

Sophie Alpert

101

answered Apr 25 at 5:48

1vote

2answers

737views

What are some symptoms of malware exfiltrating data in packet captures?

CommunityBot

1

modified Apr 24 at 19:04

2votes

1answer

371views

Which OAuth2 flow should I use?

CommunityBot

1

modified Apr 24 at 15:05

3votes

2answers

860views

Hiding information in the SAN field of a certificate

Steffen Ullrich

211k

answered Apr 24 at 15:01

0votes

2answers

1kviews

Crunch wordlist with different number of words

CommunityBot

1

modified Apr 24 at 13:03

2votes

1answer

836views

OpenID Connect Web Message Response Mode and XSS

CommunityBot

1

modified Apr 24 at 12:03

1vote

1answer

24views

Is using req.path as a file path in an Express route vulnerable?

cis

377

answered Apr 24 at 11:55

3votes

3answers

3kviews

Gaming Mods Security Risks

schroeder♦

133k

modified Apr 24 at 10:34

0votes

1answer

295views

Does Windows Defender remove registry keys and scheduled tasks for items on its exclusion list?

schroeder♦

133k

modified Apr 24 at 10:20

0votes

0answers

27views

Server invisible cookies using service workers [migrated]

Dana v

51

modified Apr 24 at 8:37

23votes

3answers

7kviews

Why is the synchronizer token pattern preferred over the origin header check to prevent CSRF

n0099

103

modified Apr 24 at 8:07

1vote

0answers

71views

CTF finding flag in an image [closed]

schroeder♦

133k

modified Apr 24 at 7:57

3votes

2answers

365views

Encrypted log entries authorization

CommunityBot

1

modified Apr 24 at 6:04

3votes

2answers

694views

Are client certificates a secure way of having publicly facing SQL database?

Vitor Figueredo Marques

223

modified Apr 23 at 22:29

1vote

1answer

684views

Getting reverse shell from firewalled target

CommunityBot

1

modified Apr 23 at 18:05

0votes

0answers

7views

Gathering entropy at different times using a cycle counter [migrated]

a3f

101

asked Apr 23 at 16:54

0votes

1answer

59views

Is using software without buying all available patches against security standards?

Gh0stFish

18.2k

answered Apr 23 at 16:35

1vote

1answer

92views

Is it safe to publish encrypted secrets in a git repository?

Ja1024

33.7k

answered Apr 23 at 15:31

0votes

2answers

714views

Getting a couple of remote login and calls into Ubuntu server?

CommunityBot

1

modified Apr 23 at 10:07

0votes

1answer

51views

Is this an effective scheme to store EEE key on browser client?

Ja1024

33.7k

answered Apr 23 at 4:53

5votes

2answers

1kviews

Accessing a database publicly via HTTPS API vs. native but with client certificates

Ja1024

33.7k

answered Apr 22 at 20:43

Top Questions

Looking for more? Browse the complete list of questions, or popular tags. Help us answer unanswered questions.