
Questions tagged [web-application]

An application that is accessed over a network such as the Internet or an intranet using a browser.

0 votes · 1 answer · 51 views

Is this an effective scheme to store EEE key on browser client?

Application: For the application, I have a user-password-encrypted private key, which is basically the root key stored on the servers. The user is prompted for the password when they log in, and it decrypts the private ...
asked by Dana v
1 vote · 0 answers · 42 views

Using browser extension to allow webapp to extract user cookies for third party website [closed]

I have written an app that uses a bespoke browser extension to extract my cookies for a third party website so that the cookies can then be passed to selenium running on a server which allows selenium ...
asked by Angus
2 votes · 2 answers · 142 views

What is the problem with Deserialization?

BinaryFormatter has been removed from C# due to security concerns. In the migration guide it is written: "Any deserializer, binary or text, that allows its input to carry information about the ...
asked by SK19
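Added illustration, not part of the question above or of the .NET migration guide it quotes: the property the guide describes, a deserializer whose input names the types to instantiate, shown with Python's pickle as a stand-in for BinaryFormatter, together with a byte-level check for which globals a stream references and two mitigations (an allowlisting loader and a data-only format). The Gadget class, the eval expression and the allowlist are constructed for this example.

```python
"""Added example: a deserializer whose input can name types (pickle standing in for BinaryFormatter)."""
import io
import json
import pickle
import pickletools


class Gadget:
    """Object whose serialized form instructs the loader to call eval on attacker text.

    Constructed for this example. Gadget itself is never written to the stream:
    __reduce__ makes pickle emit "look up builtins.eval, call it with this
    argument", which is exactly the type-carrying property the migration guide
    warns about. A real payload would name os.system or subprocess.Popen instead.
    """

    def __init__(self, expression):
        self.expression = expression

    def __reduce__(self):
        return (eval, (self.expression,))


def build_payload(expression="6 * 7", protocol=pickle.DEFAULT_PROTOCOL):
    """Produce the bytes an attacker would hand to the application."""
    return pickle.dumps(Gadget(expression), protocol=protocol)


def naive_load(data):
    """Trusting deserializer: resolves and calls whatever the stream names."""
    return pickle.loads(data)


def referenced_globals(data):
    """Static check: list every module.name the stream asks the loader to import.

    Works on the bytes alone, so it runs before any object is built. GLOBAL
    (protocol <= 3) carries "module name" inline; STACK_GLOBAL (protocol 4+)
    takes module and name from the two most recent string pushes.
    """
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif opcode.name == "GLOBAL":
            found.append(arg.replace(" ", "."))
        elif opcode.name == "STACK_GLOBAL":
            found.append(".".join(strings[-2:]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation 1: an allowlist of globals, the pattern from the pickle docs.

    The allowlist here is an example; a real one holds only the plain data
    types the application actually serializes.
    """

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_load(data):
    """Return (True, obj) or (False, reason) instead of instantiating unknown types."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def load_record(data):
    """Mitigation 2: a format that cannot name types.

    json.loads only ever yields dict, list, str, int, float, bool or None; the
    application maps those onto its own classes explicitly, so the input has no
    say in what code runs.
    """
    record = json.loads(data)
    if not isinstance(record, dict) or not isinstance(record.get("expression"), str):
        raise ValueError("record must be an object with a string 'expression'")
    return record


if __name__ == "__main__":
    payload = build_payload()
    print("stream references:", referenced_globals(payload))  # ['builtins.eval']
    print("naive pickle.loads ran eval ->", naive_load(payload))  # 42
    print("restricted loader ->", restricted_load(payload))
    print("json record ->", load_record(b'{"expression": "6 * 7"}'))
```

The point of `referenced_globals` is that the danger is visible in the stream itself, before deserialization: a pickle (or a BinaryFormatter stream) that should only carry data has no business referencing `builtins.eval`, just as a .NET payload has no business referencing gadget types. The allowlisting loader is a stopgap; the durable fix is the second one, a format in which the wire data cannot choose the type.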
15 votes · 2 answers · 5k views

Web application contains a link to a non-existing domain, is this a vulnerability?

I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application. It says "The web application contains a link to a non-existing domain" and it's marked ...
asked by anonymous
1 vote · 1 answer · 140 views

What's the deal with CISA adding CVE-2024-49035 (Microsoft Partner Center vulnerability) to its catalog of exploited vulnerabilities?

Two weeks ago (Feb 25, 2025), CISA added CVE-2024-49035 to its catalog of actively exploited vulnerabilities. Now, the thing is: CVE-2024-49035 is not a "classic" vulnerability in a software ...
asked by Heinzi
0 votes · 0 answers · 36 views

Standard to identify a security checklist for web applications/APIs

I am looking for a standard to refer to in order to write a security checklist that could be followed to proactively implement security at design level. I went through the OWASP ASVS, it mentions some ...
asked by anonymous
2 votes · 1 answer · 666 views

How to protect web app against login CSRF while also allowing mobile app/curl to access REST API?

I am using Django REST framework. I want a single API for all of my clients (web, mobile, curl). I understand that I need to include a CSRF token in requests originating from the web client, to ...
asked by Slav
4 votes · 1 answer · 681 views

Attack surface of a reverse proxy secured with mTLS?

Suppose that I have a reverse proxy such as Caddy or Traefik that requires a client certificate to authenticate via mTLS, globally across the reverse proxy. What is the attack surface for services behind ...
asked by Brian
0 votes · 0 answers · 40 views

What Is the Best Validation Logic for an Internal API Gateway in Trading Systems?

Context: To briefly describe our system, we are preparing a cryptocurrency exchange platform similar to Binance or Bybit. All requests are handled through APIs. We have an External API Gateway that ...
asked by JJ J
0 votes · 2 answers · 86 views

Login token in GET request

I would like to ask if the following solution is correct. I don’t think so, but I would like to hear someone else’s opinion. In the admin control of our system, there is a function where I can open a ...
asked by Jozko Mrkvicka
0 votes · 0 answers · 119 views

"Blind SQL Injection (Time-Based)" vulnerability in ASP.NET web application

I am working on an ASP.NET web application, and a recent security scan (conducted using SecurityMetrics) flagged a vulnerability related to Blind SQL Injection (Time-Based). Here are the details of ...
asked by Virender Thakur
1 vote · 1 answer · 91 views

How to store and manage user-generated JavaScript code on a website

I am currently working on a website where people can upload their pictures, put them in frames, and add certain already-coded effects. But I know that there are some more invested users that would be ...
asked by MateuszC
4 votes · 2 answers · 2k views

Is it possible to proxy USB and disconnect when a certain sequence is intercepted before it is (fully) passed to the real USB device?

Let's assume: I have a piece of software (with a webUI) that has access to a USB device through the host OS. The software itself can't be changed. The software has the ability to perform a firmware ...
asked by Bob Ortiz
2 votes · 0 answers · 81 views

Evaluating Self-Hosted Web Applications

Background: There are a lot of self-hosted web applications these days, and often, more than one for the same purpose. In my case I am looking for a replacement for GitHub or other big tech/cloud git ...
asked by The Floating Brain
0 votes · 1 answer · 207 views

Is encrypting a private key with the user's password and storing it on the server a bad idea?

I'm building a SaaS where some data needs to be stored in an encrypted format. You should be able to access this data from any device, as long as you remember your account credentials. Also, if you ...
asked by lorenzo
