Questions tagged [source-code]
Security as it relates to editing, protecting and managing source code.
240 questions
0 votes, 0 answers, 22 views
How can I stop C code from debugging while it's being compiled using GCC? [closed]
These days, software programs on the internet have a number of security features. These are taken seriously by the most fundamental reverse engineers, who use them to demonstrate that the codes are ...
0 votes, 0 answers, 92 views
Is our codebase secure while we are using the AI agents and copilots?
In today's world of AI, we are seeing new AI models and agents coming up, almost every day, that claim to be near to a human programmer. That said, a few security concerns are getting raised in my ...
1 vote, 1 answer, 104 views
Is there evidence that using SAST / SCA brings positive ROI to software companies?
Using SAST / SCA tools within the delivery pipelines is quite common these days; however, in the software my teams are building, the SAST tools that we're using are very rarely finding even relatively ...
1 vote, 1 answer, 81 views
Preventing Unauthorized Public Exposure of Repositories
Recently, a developer accidentally made a private repository public, which contained secret keys. Although a third-party application promptly flagged and rotated the exposed credentials, the ...
1 vote, 1 answer, 478 views
Decrypt python source code at runtime [closed]
I'm wondering if it's possible to get the source code of some python program if the developer encrypted this source. We download a program in which the source is encrypted. But in order to translate ...
3 votes, 1 answer, 1k views
How do I prevent user from accessing docker image content?
I have a SaaS web application. One of my clients needs the app to be installed on his infrastructure (meaning physically on servers only they can access). The application stack is 2 docker images: one ...
49 votes, 3 answers, 14k views
Malicious code somehow hidden with whitespace?
I recently came across a php file on a compromised website that had what appeared (in Sublime Text) to be a huge white-space gap. When I run a diff against the original source file I can clearly see ...
1 vote, 1 answer, 107 views
Is switching my C/C++ compiler for security testing generally reliable?
If I am shipping a program to my customers which is compiled with GCC, but I want to test the security of the program using Clang, is this generally okay, or will I miss certain security bugs because ...
2 votes, 3 answers, 427 views
Is it safe to check-in an RSA private key?
As far as I know, it is bad to check-in something like a password in a version control system. However, I saw in a project that a private_key.pem file with -----BEGIN RSA PRIVATE KEY----- ... content ...
2 votes, 3 answers, 420 views
Is Chrome's view-source dangerous when visiting malicious sites? [duplicate]
What are the risks of viewing the source code of malicious pages on Google Chrome? I want to go directly to view-source:https://example-site.com to visit the sites without rendering anything malicious ...
2 votes, 4 answers, 1k views
Code obfuscation and source code repositories
As I understand, code obfuscation is used to make reverse engineering difficult/hard for the adversaries/red team. Now if I use a source code obfuscator where a .C/.CPP file is used as input and an ...
2 votes, 1 answer, 508 views
Validating web app source code integrity
I am interested if it could be possible to validate source code integrity for web apps somehow. For example: Developer builds app and sign source code with his private key. Both signature and public ...
1 vote, 1 answer, 128 views
How to deal with targeted attacks from publisher when verifying the integrity of native applications and validating their source code?
I am trying to reason about how native apps can avoid the problems web apps have in dealing with the "Browser Cryptography Chicken and Egg" problem, which has been discussed numerous times ...
1 vote, 1 answer, 553 views
How is it possible to simply decode Bluetooth communications from a medical device?
Excuse the naive question but I'm trying to understand a bit about security in home health and medical devices and a recent report about how home Covid test results can be altered has left me a bit ...
3 votes, 1 answer, 547 views
Does using view page source on a possibly malicious site carry any real risks?
As far as I know, View page source does not execute any JavaScript, but is that good enough? Could there in theory be any vulnerabilities in the HTML parser or something similar? Have there been any ...