Questions tagged [application-security]

Application layer security design, implementation, vulnerability assessments and concerns, as opposed to infrastructure (e.g., ACLs on routers, IDSes, etc.)

Application security encompasses measures taken throughout the code's life-cycle to prevent gaps in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance or database of the application, as stated in Wikipedia.

Since this tag is used in its general meaning, you are strongly encouraged to use one or more additional tags to better describe your specific case.

50 questions
1 vote, 1 answer

applying security to application's code input page

We have a Grails/Groovy (right now version 1.3.7) based application with an Oracle 11g database. We have to make it OWASP compliant, so we are thinking of all possible security enhancements/plugins. The main issue is here: We have a create email template…
pri_dev
1 vote, 0 answers

Flutter how to check if a debugger is attached to the application

Security team wants me to use preventive techniques to prevent the debugger from connecting to the application. For Android, it can be done using the isDebuggerConnected method of the android.os.Debug class. For iOS, the use of PT_DENY_ATTACH can be…
Antonycx
1 vote, 0 answers

x-up-calling-line-id header field is not available from new chrome browser update

In my Spring MVC application, I'm using the x-up-calling-line-id header field to get the mobile number, and the application was working fine with all web browsers. But with current updates of the Chrome browser, that header does not exist and application is…
1 vote, 4 answers

Determining complex security and permissions

I've been put on a project that has a messy class that writes buttons to a page. The app is a document manager and has a popup list of buttons, such as download, email, and print. Depending on the user's roles, and the state of the document,…
MrGrigg
1 vote, 1 answer

Terraform: how to implement Application Security Groups in Azure RM

Problem: I discovered that I can integrate Application Security Groups (ASG) into a Network Interface when using the azurestack resource provider, but I cannot do so when using the azurerm resource provider. My Understanding: I do not understand why I…
Mike Williamson
1 vote, 0 answers

What would happen if my iOS distribution certificate is compromised?

I am an iOS newbie and would really like to focus on the security of my iOS app signing certificates. In my understanding, a malicious actor, to be able to misuse my leaked distribution certificate, would need to crack through the following 3 layers to…
1 vote, 0 answers

Why JsonSanitizer is not working for Json Injection?

Security tool is complaining about JsonInjection when deserializing the JSON string into a Java model. My application has been using Jackson to do serialization/deserialization. I read Jackson does default escaping things and all and referenced internet…
1 vote, 0 answers

How to fix invalid query filter exception when dealing with LDAP search?

Escaping a comma in a distinguished name is throwing "Invalid LDAP search query". I am trying to fix a security LDAP injection violation. When I search with DN, special characters need to be escaped per OWASP recommendation. So, I have added the below…
1 vote, 1 answer

Type 0 (DOM-Based) XSS Prevention for JSP Applications

Unlike the standard XSS attacks, which rely on dynamic web pages, a DOM-based XSS attack does not require sending any malicious code to the server and thus can also use static HTML pages. My humble question is whether a developer can securely code a…
user164701
1 vote, 1 answer

How to apply security permissions to static files with ASP.NET MVC?

I'm trying to use ASP.NET MVC to have a web app that will take details about a parent item and allow uploads and sharing of files which are associated with and stored under the name of the parent item. The files I want to protect are stored in this…
Rem
1 vote, 2 answers

Missing projects information from the OWASP Secure Coding Practices

When I found the OWASP Secure Coding Practices Guide, I felt like I had found a hidden gem. The information in the checklist format is great. Although I was disappointed to see that links pointing to multiple other external projects are not found and…
pal4life
1 vote, 1 answer

Proper way to document and log brute force attacks when creating a user account

We have the following use case: Users can self-register for a business account by filling in a validation form with their ID, first, last name and DOB. ID is something that only the user knows ahead of time. Users have 5 attempts to match all of their…
user6123723
1 vote, 3 answers

Yii2 - Unknown Property – yii\base\UnknownPropertyException Getting unknown property: yii\web\Application::security

Hi, I installed Yii2 and wrote an application. I used git. When I transfer the application to the server, everything looks fine. But when I try to login I get this message: Unknown Property – yii\base\UnknownPropertyException Getting unknown property:…
MrGapo
1 vote, 2 answers

Keychain data security in jailbroken device

Storing sensitive data in keychain is a best practice in iOS. But using a jailbroken device an attacker can dump all the keychain data. (keychain-dumper) Can anyone help me understand how to protect the data in a keychain, in case of a jailbroken…
1 vote, 1 answer

Are there any known security issues while reading files in Java?

For example, there are known vulnerabilities with Word files with macros and PDF files, which when opened can compromise and harm your system. In a similar way, are there any known issues when a CSV file is parsed in Java or a txt file is read? Is there a…
Saran Makam