Questions tagged [application-security]

Application layer security design, implementation, vulnerability assessments and concerns, as opposed to infrastructure (e.g., ACLs on routers, IDSes, etc.)

Application security "encompasses measures taken throughout the code's life-cycle to prevent gaps in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application", as stated in Wikipedia.

Since this tag is used in its general meaning, you are strongly encouraged to use one or more additional tags to better describe your specific case.

50 questions
1 vote, 5 answers

Web application security testing

We are developing a web application using Spring framework and Hibernate ORM. As far as application security is concerned we are using acegi to provide authentication and authorization support. Now about user input sanitation, we have tried to take…
Arun P Johny
0 votes, 0 answers

Secure restapi calls for Springboot application from angular hosted in nginx

I have an application in which the backend is in Java Spring Boot 2.5.2 and the front end is in Angular 8. The front end application is hosted on nginx and is authenticated using OKTA SSO, and the backend is running in Spring Boot's integrated Tomcat. My UI is…
0 votes, 0 answers

Is the full XML schema of the context file documented somewhere?

When generating a context file using OWASP Zap's Desktop UI (for Windows), I noticed a parameter from the UI missing in the exported context file. Is the full XML schema of the context file documented somewhere so we can add elements in…
Lee
0 votes, 0 answers

How can I implement privileged access management (PAM) in my existing project?

We are very new to privileged access management (PAM), but we have a requirement to use a privileged access management (PAM) safe for automating password updates in our application. Is there any GitHub sample code for this implementation, or help…
richa verma
0 votes, 0 answers

How to secure a cloud based POS application?

I am trying to come up with a list of security recommendations / verification standards for a cloud-based POS application. When moving from a store server-based Point of Sale (vendor-owned and managed) to a cloud-based POS platform (own application…
0 votes, 1 answer

How does Stripe know my secret key is leaked?

I recently moved some of my repositories from AWS Code Commit to GitHub. I accidentally made one of the repositories public, instead of private. Within less than 10 mins of committing the code, I got an email from Stripe that my secret key is…
0 votes, 1 answer

Is sending the anti-CSRF token in a header good practice?

If we send an anti-CSRF token in a header value, how effective is this, and is it the best way to secure the application from an attacker?
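As an added illustration (not from the question or from any answer to it), here is a servlet filter that shows what a header-carried token actually buys you. The header name X-CSRF-Token, the session attribute name, the 32-byte token length and the set of "safe" methods are my assumptions, not anything the question specifies.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Example filter (assumed names): state-changing requests must carry the session's
 * CSRF token in a custom header. A cross-site HTML form cannot set custom headers,
 * and a cross-origin XMLHttpRequest/fetch with one triggers a CORS preflight, so the
 * header alone already defeats classic CSRF; comparing it against a per-session
 * secret additionally covers a permissive CORS policy or a guessable header name.
 */
public class CsrfHeaderFilter implements Filter {
    static final String HEADER = "X-CSRF-Token";          // assumed header name
    static final String SESSION_ATTR = "csrfToken";       // assumed session attribute
    // Methods that must never change state; only these are exempt from the check.
    private static final Set<String> SAFE_METHODS =
        new HashSet<String>(Arrays.asList("GET", "HEAD", "OPTIONS"));
    private static final SecureRandom RNG = new SecureRandom();

    /** 256 bits from a CSPRNG, URL-safe base64 so it survives headers unchanged. */
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /** Returns the session's token, minting one on first use. */
    static String tokenFor(HttpSession session) {
        synchronized (session) {
            String token = (String) session.getAttribute(SESSION_ATTR);
            if (token == null) {
                token = newToken();
                session.setAttribute(SESSION_ATTR, token);
            }
            return token;
        }
    }

    /** Constant-time comparison so the check does not leak the token byte by byte. */
    static boolean tokensMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (SAFE_METHODS.contains(req.getMethod())) {
            // Hand the token to same-origin script via a response header. Other origins
            // cannot read it unless CORS explicitly exposes it, so keep it out of
            // Access-Control-Expose-Headers.
            res.setHeader(HEADER, tokenFor(req.getSession(true)));
            chain.doFilter(request, response);
            return;
        }

        HttpSession session = req.getSession(false);
        String expected = session == null ? null : (String) session.getAttribute(SESSION_ATTR);
        if (!tokensMatch(expected, req.getHeader(HEADER))) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }
}
```

Two caveats the filter cannot enforce for you: every handler reachable by GET must really be read-only, and the token must not be reachable by other origins through an overly broad CORS configuration (a wildcard origin combined with credentials) or any JSONP-style endpoint. The session cookie should also carry SameSite=Lax or Strict as a second, independent layer.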
0 votes, 1 answer

Upload Trivy result.json file to DefectDojo

I am using Trivy to do Docker scanning and then saving the output into a result.json file. Now I am trying to send the file to DefectDojo to visualize it there; how can I do that?
user16133873
0 votes, 1 answer

Why does YouTube use insecure RTMP, considering that Facebook uses secure RTMPS?

RTMP, being an insecure unencrypted protocol, suffers from attacks like MITM and network sniffing. Naturally, FB uses RTMPS: https://ppc.land/streaming-facebook-moves-live-videos-completely-to-rtmps/ Why is Google lackluster about adopting this…
0 votes, 0 answers

Securing user secrets in KeyChain vs Keychain+Biometrics

The common approach to securing user secrets in native applications seems to be storing the secret in the Keychain and adding an additional layer of protection by way of biometrics (Touch ID/Face ID). My questions: Does adding the additional layer of…
ke3pup
0 votes, 1 answer

How to implement a reflected XSS fix in a WebForms .NET 2.0 application

I have started working on a WebForms application built in .NET 2.0 using VS 2005. I am kind of new to web applications. When I click on a menu item, which is an <a> tag, and capture the request in Burp and change the URL to…
Suresh Kharod
0 votes, 1 answer

XML External Entity Injection: HP Fortify issue in Java 1.6

I was trying to fix an XXE issue and have tried other options, but they won't work. It would be great if there were any pointers. Below is my code snippet.. ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); Source xmlSource = new…
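An added example, not the poster's code and not a Fortify-supplied fix: the DocumentBuilderFactory and TransformerFactory settings that make a javax.xml.transform pipeline like the one in the snippet safe against XXE, which is also the configuration that XXE rules in static analyzers look for. The class, method names and the probe payload are constructed for illustration; the Java 1.6 limitation is noted in the comments.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

/**
 * Example (assumed names): parse untrusted XML with a builder that refuses DOCTYPE
 * declarations, then serialise it through a transformer that cannot fetch external
 * DTDs or stylesheets.
 */
public class XxeHardening {

    // Constructed probe payload, not from the question: the classic file-read entity.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE data [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
        + "<data>&xxe;</data>";

    static final String BENIGN = "<data><item>ok</item></data>";

    // JAXP 1.5 property names written out so the class still compiles on Java 1.6,
    // where the XMLConstants.ACCESS_EXTERNAL_* fields do not exist.
    static final String ACCESS_EXTERNAL_DTD =
        "http://javax.xml.XMLConstants/property/accessExternalDTD";
    static final String ACCESS_EXTERNAL_STYLESHEET =
        "http://javax.xml.XMLConstants/property/accessExternalStylesheet";

    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Rejecting DOCTYPE outright stops external entities, parameter entities
        // and entity-expansion bombs in one move.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, and the settings to rely on if some inputs need a DOCTYPE.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    static Transformer hardenedTransformer() throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        try {
            // Empty string: no protocol may be used to fetch external DTDs or stylesheets.
            tf.setAttribute(ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException pre15Jaxp) {
            // Java 1.6's bundled JAXP predates these properties. On that runtime the
            // protection comes from hardenedBuilder(): only ever hand the transformer
            // a DOMSource built there, never a StreamSource over raw untrusted input.
        }
        return tf.newTransformer();
    }

    /** Parses then re-serialises; returns null when the parser rejected a DOCTYPE. */
    static String roundTrip(String xml) throws Exception {
        Document doc;
        try {
            doc = hardenedBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        } catch (SAXParseException rejected) {
            return null;
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        hardenedTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toString("UTF-8");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(roundTrip(BENIGN));       // the serialised document
        System.out.println(roundTrip(XXE_PAYLOAD));  // null: DOCTYPE refused before any entity is resolved
    }
}
```

The part that usually keeps a finding open is the source type: wrapping raw bytes in a StreamSource and handing it straight to Transformer.transform lets the transformer's own parser resolve entities, regardless of how the DocumentBuilder was configured. Parse first with the hardened builder and transform the resulting DOM.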
0 votes, 1 answer

    Allow only Android OS to open the launcher activity

In my Android app there is a security vulnerability: my app can be opened by a malicious application. I am using the following intent filter in the launcher activity.
MobileAppDeveloper
0 votes, 1 answer

How can I add a file to another file, such as one named store.dat, in Java?

All data must be stored in one single persistent file named secure_store.dat. The following command should add new files to the Secure Store realm: put [path_on_OS] [file_name] How can I do this? How can I add a file that is on my PC to secure.store…
0 votes, 1 answer

    Application Security references

I stepped into an application security evangelist role recently. As part of my responsibilities, I need to stay abreast of security issues. Can you please recommend some good websites that provide industry updates related to web/database security as…