Top Questions

211k

answered yesterday

9votes

3answers

2kviews

Overlap for One-Time Passwords

Maarten Bodewes

4,983

-3votes

0answers

89views

How to know whether a plate number is being faked or not? [closed]

Martheen

1,146

modified yesterday

4votes

2answers

652views

Are truncated SHA-256 hashes safe enough when collisions are not a risk?

211k

3votes

2answers

862views

Hiding information in the SAN field of a certificate

211k

answered Apr 24 at 15:01

0votes

0answers

28views

Can my work see my BitTorrent downloads on a personal device when logged into the company WiFi? [closed]

Plump Wagon

1

asked 2 days ago

0votes

0answers

22views

How can I stop C code from debugging while it's being compiled using GCC? [closed]

133k

0votes

0answers

24views

Creating a pentester tool in c/c++ that's used for controlled sections like bug bounty programs? [closed]

133k

5votes

2answers

1kviews

Accessing a database publicly via HTTPS API vs. native but with client certificates

33.7k

answered Apr 22 at 20:43

3votes

1answer

29views

How to migrate an OLD Yubikey with an OLD PGP key to a NEW Yubikey with a NEW PGP Key? Cross-signing, certifying, etc

33.7k

3votes

2answers

695views

Are client certificates a secure way of having publicly facing SQL database?

Vitor Figueredo Marques

223

modified Apr 23 at 22:29

2votes

1answer

177views

For the same private key, I have two slightly different public keys. Is it normal?

Maarten Bodewes

4,983

modified Apr 25 at 9:42

0votes

0answers

23views

Checkmarx seeing vulnerabilities in DLL files but the package has already been updated

willie revillame

1

asked Apr 25 at 15:10

0votes

0answers

19views

Issues consuming HTTP FastAPI from HTTPS-embedded widget (frontend fetch)

Angel Panda

1

asked 2 days ago

9votes

3answers

3kviews

Is it acceptable to ignore potential XSS payloads if they are not executed on our side?

Toph

161

answered Apr 16 at 11:33

4votes

2answers

1kviews

How to check if a file contains exploit for a specific zero day vulnerability?

Maarten Bodewes

4,983

modified Apr 22 at 19:52

1vote

0answers

73views

CTF finding flag in an image [closed]

133k

modified Apr 24 at 7:57

0votes

0answers

51views

Sanity check on how bad my router's VPN is [closed]

133k

modified Apr 25 at 10:11

0votes

1answer

62views

Is using software without buying all available patches against security standards?

Gh0stFish

18.2k

answered Apr 23 at 16:35

1vote

1answer

92views

Is it safe to publish encrypted secrets in a git repository?

33.7k

answered Apr 23 at 15:31

1vote

1answer

24views

Is using req.path as a file path in an Express route vulnerable?

cis

377

answered Apr 24 at 11:55

0votes

0answers

27views

Server invisible cookies using service workers [migrated]

Dana v

51

modified Apr 24 at 8:37

0votes

1answer

51views

Is this an effective scheme to store EEE key on browser client?

33.7k

answered Apr 23 at 4:53

13votes

4answers

3kviews

Cryptographic strength of VeraCrypt

Josiah

1,897

answered Apr 12 at 20:51

2votes

1answer

239views

What is the hashed password in the master.passwd file?

211k

modified Apr 20 at 18:25

3votes

1answer

1kviews

Can a public certificate provider impersonate an AD?

Crypt32

6,904

modified Apr 16 at 6:56

-2votes

0answers

63views

Why is open banking called open banking [closed]

133k

modified Apr 21 at 9:06

0votes

0answers

35views

How to detect if HDD DCO (Device Configuration Overlay) has been modified, and why does --dco-identify sometimes fail? [closed]

Noobie

1

asked Apr 21 at 20:03

3votes

1answer

3kviews

Are there any security concerns with this authentication flow?

33.7k

modified Apr 8 at 2:29

0votes

1answer

103views

Setup Tor Hidden Service Anonymously

33.7k

answered Apr 19 at 6:57

1vote

1answer

53views

Windows RPC "ephemeral" ports

Greg Askew

296

modified Apr 19 at 8:37

1vote

1answer

115views

How to securely build code from the internet on my servers?

33.7k

answered Apr 16 at 23:33

1vote

2answers

80views

Why would a file need both a rmd160 and a sha256 hash of a file?

211k

modified Apr 18 at 5:36

12votes

3answers

3kviews

Why shred before LUKS disk encryption?

Seth Robertson

121

answered Apr 1 at 1:59

0votes

1answer

85views

How exploitable is a redirect caused by sending a malicious X-Forwarded-Host header?

33.7k

answered Apr 17 at 3:49

4votes

0answers

141views

What if MITRE's CVE goes dark? [closed]

133k

modified Apr 16 at 7:51

6votes

4answers

2kviews

Hashing security question answers for bank account portal activation

SE Does Not Like Dissent

168

answered Apr 2 at 21:57

2votes

0answers

49views

Why can't a Cognito user in the FORCE_CHANGE_PASSWORD state go through the forgot password flow?

133k

modified Apr 17 at 16:39

-2votes

1answer

49views

what is the recommended xml secure configuration to prevent xxe

33.7k

answered Apr 17 at 2:55

0votes

0answers

48views

How to determine what was done to the string before it was hashed? [duplicate]

133k

modified Apr 17 at 8:38

2votes

0answers

23views

How to Configure BeEF Autorun Engine to Trigger Rules on Every Zombie Hook

akiva taub

21

modified Apr 18 at 14:00

1vote

1answer

41views

How is SLSA compliance meant to be used? Is it something you're meant to advertise to end users?

MechMK1

226

answered Apr 16 at 0:45

1vote

1answer

43views

Using OPAQUE without envelope checksums