Questions tagged [source-code]
Security relating to source-code editing, protection and management.
47 questions
76 votes, 19 answers, 6k views
What security resources should a white-hat *developer* follow these days? [closed]
What sites, Twitter accounts, FOSS software should a white-hat code 'hacker' follow these days? Do include: late-breaking information on new security issues (RSS, Twitter, etc.); a website that tracks ...
9 votes, 5 answers, 29k views
Hiding JavaScript source code
In a web-app should one strive to hide as much of the code as possible, for example from view source? In particular I was wondering should JavaScript be hidden, especially ones used for Ajax? I was ...
46 votes, 15 answers, 12k views
Should we protect web application source code from being stolen by web hosts through obfuscation?
Is it worth obfuscating a Java web app's source code so that the web host cannot make wrong use of the code or even steal your business? If so, how should this be dealt with? How should we obfuscate? ...
34 votes, 4 answers, 12k views
Which security measures do PyPI and similar third-party software repositories take?
PyPI is a third-party software repository for Python packages. Everybody can upload packages to it (see The Python Package Index (PyPI)). How does PyPI prevent people from uploading malware? When I am ...
22 votes, 4 answers, 7k views
Malware source repositories. Where? [closed]
As the best way to learn is to read the code, do you know where I can find malware/virus/whatever source code to read?
86 votes, 6 answers, 85k views
How do large companies protect their source code?
I recently read the canonical answer of our ursine overlord to the question on How do certification authorities store their private root keys? I then just had to ask myself: How do large companies (e....
45 votes, 3 answers, 7k views
How safe are signed git tags? Only as safe as SHA-1 or somehow safer?
How safe are signed git tags? Especially because git uses SHA-1. There is contradictory information around. So if one verifies a git tag (git tag -v tagname), then checks out the tag, and checks that ...
22 votes, 6 answers, 26k views
How can I enumerate all the saved RSA keys in the Microsoft CSP?
I have an application that is creating several keys and storing them in various stores (in this case the Machine store). How can I enumerate all the keys on a given Windows system? ...
17 votes, 5 answers, 16k views
Obfuscating JavaScript code
Some Flash developers are afraid of JavaScript. Their point of view: Stealing JS source code is effortless, one would just 'view source' and copy it. Yes, you can decompile Flash bytecode, however it ...
17 votes, 5 answers, 39k views
How can one secure a password/key in source code [duplicate]
If there is a need for source code to have a password in it, how should this be secured? This is purely an example, but say there is an app that is using an API, and you don't want to expose your ...
11 votes, 2 answers, 779 views
What is considered the simplest (or lightest) secure development lifecycle?
Microsoft has their simplified SDL: "The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development." "The process outlined in this paper sets ...
9 votes, 7 answers, 1k views
Proving running code on a website is unchanged
Can it be proved to the user that the running code behind a website with security related code is the same as published? I'm currently looking at a few new project ideas and one involves secure ...
86 votes, 6 answers, 20k views
How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me? [duplicate]
I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical "business logic". (This could be any other language and the exact same problem would still stand; I'm ...
26 votes, 4 answers, 9k views
Example of a backdoor submitted to an open source project?
To clarify immediately, I'm not interested in writing a backdoor. I have no interest in submitting backdoor changelists to projects myself. I'm researching some source modeling techniques, and we're ...
22 votes, 2 answers, 6k views
Is there a way to verify a binary against the sources?
It seems like there is no practical way to verify the full integrity path of precompiled and packaged software? I can check the downloaded package itself by hashes, but I have no verification if the ...