Skip to main content
Information Security

All Questions

Ask Question
Tagged with
9 questions
NewestActiveBountiedUnanswered
2votes
3answers
420views

Is Chrome's view-source dangerous when visiting malicious sites? [duplicate]

What are the risks of viewing the source code of malicious pages on Google Chrome? I want to go directly to view-source:https://example-site.com to visit the sites without rendering anything malicious ...
clueless_robot's user avatar
clueless_robot
  • 21
1vote
0answers
211views

Single-Page Application authentication and ISO 27001

I have a single-page javascript application that communicates with a .NET API running in IIS. Authentication is done after loading the application frontend, using an OAuth token from Office 365, ...
Alexander's user avatar
Alexander
  • 2,153
9votes
2answers
651views

Given a vulnerable JavaScript snippet from a Stack Overflow answer, how can I cheaply find websites whose authors have copied and pasted it?

Frequently, Stack Overflow answers to JavaScript questions contain XSS vulnerabilities (or vulnerabilities of other kinds). For instance, this answer with 420 upvotes and a quarter of a million views ...
Mark Amery's user avatar
Mark Amery
  • 1,847
3votes
1answer
115views

Solution for Enterprise SW Eng. with Github and NPM [closed]

Can anyone share an architecture or framework that supports the use of Open Source software in enterprise software development environments? I'm seeking solutions to manage and mitigate the risk of ...
Colin's user avatar
Colin
  • 181
1vote
2answers
7kviews

Source code disclosure vulnerability

I am a bit confused about the discussion here about hiding javascript source code. Let's say if I browse to a url like this: http://www.example.com/site/somejs.js and then what I see is something like ...
dorothy's user avatar
dorothy
  • 725
5votes
0answers
6kviews

AngularJS Static Analysis Tools [closed]

I am setting up a software security initiative at a small software company. Part of this is selecting a static analysis tool for early and automated detection of security vulnerabilities. Many ...
akton's user avatar
akton
  • 371
17votes
5answers
16kviews

Obfuscating JavaScript code

Some Flash developers are afraid of JavaScript. Their point of view: Stealing JS source code is effortless, one would just 'view source' and copy it. Yes, you can decompile Flash bytecode, however it ...
hidarikani's user avatar
hidarikani
  • 273
9votes
5answers
29kviews

Hiding JavaScript source code

In a web-app should one strive to hide as much of the code as possible, for example from view source? In particular I was wondering should JavaScript be hidden, especially ones used for Ajax? I was ...
Celeritas's user avatar
Celeritas
  • 10.2k
7votes
3answers
633views

Are there any tools to detect JavaScript-based WCF/AJAX calls?

I'd like to determine if a given JavaScript contains the logic to make a AJAX/WCF call, or determine if one is being executed at runtime. Does anything like this exist?
makerofthings7's user avatar
makerofthings7
  • 51.1k

close