Newest Questions
69,927 questions
16 votes, 3 answers, 3k views
ASP.NET MVC Security Check List
I am planning to start a new web site on ASP.NET MVC 2 (3). Does anybody have a full (if possible) check list of actions or approaches I should go through to avoid most security issues?
24 votes, 4 answers, 6k views
Should I use Suhosin for PHP?
Suhosin can be used to increase the security of your PHP application. I can really see the use of it when you are using shared hosts, with multiple (possibly evil) people running their PHP apps there. ...
23 votes, 4 answers, 29k views
Which web server is more secure, Apache, nginx or lighttpd?
We are trying to decide which web server to choose for our PHP application. Which of Apache, nginx or lighttpd is the most secure? Which of these has had the most and most severe security holes?
47 votes, 5 answers, 12k views
How to perform a security audit for a PHP application?
I have a PHP application that I would like to have audited for security. I'm familiar with most of the general security issues, but want to make sure I didn't miss anything. What steps should I take ...
30 votes, 5 answers, 3k views
Is filtering of user input data enough, or should it be parsed?
In a web application there could be two approaches to mitigate XSS attacks: all the input data could be filtered (removing all 'bad' data), or the input could be parsed, tokenized and output with ...
116 votes, 18 answers, 20k views
Does an established HTTPS connection mean a line is really secure?
From the view of somebody offering a web application, when somebody connects with TLS (https) to our service and submits the correct authentication data, is it safe to transmit all sensitive data over ...
23 votes, 2 answers, 4k views
Rails - protection against code injection and XSS
I've started using Ruby on Rails, and I was wondering if there were any security gotchas to watch out for with Rails, particularly regarding code injection and XSS? I know Rails tries to prevent ...
30 votes, 14 answers, 4k views
Courses on "Secure Software Development" [closed]
This semester, I'm offering a course on "secure software development". The course is divided into three parts: Secure Software Engineering, Reverse Engineering, and Secure Coding. Do you know of any courses (...
12 votes, 3 answers, 836 views
Are bookmarklets safe with facebook data?
I usually play Mafia Wars and use bookmarklets like Spockholm, Arum, etc. Can these bookmarklets get my Facebook data when I run them? They usually ask to unframe the Facebook page. I was just ...
672 votes, 4 answers, 339k views
Do any security experts recommend bcrypt for password storage?
On the surface bcrypt, an 11 year old security algorithm designed for hashing passwords by Niels Provos and David Mazieres, which is based on the initialization function used in the NIST approved ...
27 votes, 6 answers, 9k views
Does prepending a salt to the password instead of inserting it in the middle decrease security?
I read somewhere that adding a salt at the beginning of a password before hashing it is a bad idea. Instead, the article claimed it is much more secure to insert it somewhere in the middle of the ...
14 votes, 4 answers, 1k views
Wireless Activity Monitoring for PCI DSS Compliance
In an effort to be PCI DSS compliant, I took a trustkeeper.net questionnaire. I failed the question that asks: Is the presence of wireless access points tested for by using a wireless analyzer at ...