Questions tagged [secure-coding]

Topics related to coding patterns and best practices for avoiding common bugs and security holes.

Failure to adhere to secure coding practices may result in various classes of vulnerabilities such as buffer overflows, integer overflow or wraparound, command injection, improper sanitization of data, and more. Requirements and best practices for secure coding differ across programming languages. Manual code reviews and automated evaluation using static or dynamic code analysis tools can help improve code quality and promote more secure coding.

211 questions
0
votes
1 answer

Ruby Sinatra Submitting Passwords

I am creating a small Sinatra application which will have login functionality. This would be the first time I have done this in Ruby, and I wanted some advice on posting passwords from an HTML form. What would be the best and most secure way to do…
alexjfno1
0
votes
1 answer

Set a PHP page to use SSL

Hi, I have a PHP application. I would like the account.php page to be secure; however, after adding this to the page: $use_sts = true; // iis sets HTTPS to 'off' for non-SSL requests if ($use_sts && isset($_SERVER['HTTPS']) &&…
0
votes
1 answer

What is vulnerable about this C code? (Integer...)

#include #include #include #include #define MAX 3 #define ARG "cat .passwd" int main( int argc, char ** argv ) { char * names[] = {"strlen", "atoi", "printf", "puts"}; void…
0
votes
2 answers

Return the Reference of a pass-by-reference parameter

In terms of Thread Safety and general security, would the following code have anything wrong with it? std::string & toHexString( const uint8_t *buf, uint32_t size, std::string &out ) { // modify 'out' return out; } #ifndef TOHEXSTR …
MarkP
0
votes
2 answers

Securing a contact form script

Hello! I am just wondering how secure this contact form script I just made is. My teacher was nagging at me a long time ago when I made my contact forms. if($_SERVER['REQUEST_METHOD'] === 'POST'){ $myemail = "email@adress.com"; $name …
Nworks
0
votes
1 answer

Best way to keep session ongoing when going to other tab

What is the best way to keep the same session when you open the same Java webapp in another tab in the browser, passing parameters like username/password in the most secure way? The purpose behind this is to navigate the webapp to the next navigation page …
GingerHead
-1
votes
4 answers

Windows memory management issue

How to use the malloc() function efficiently for different OSes.
Tinni
-1
votes
2 answers

Checkmarx fix for CGI_Stored_XSS Vulnerability

Checkmarx complains that there is an unvalidated DB output. How to validate DB output in general?
NPS
-1
votes
1 answer

Linux sandbox with C, secure?

I'm developing a generic honeypot for TCP services as part of my BA thesis. I'm currently using Chroot, Linux Namespaces, Secure Computing and Capabilities to provide some sort of a Sandbox. My question is: Are there any points I have to be aware…
segfault
-1
votes
1 answer

How to install Jlint-3.0 on Ubuntu 14.04.2?

I tried installing jlint-3.0 on Ubuntu 14.04.2 for static code analysis of Java .class files. The error I got: gcc -c -Wall -O2 -g antic.c gcc -g -lz -o antic antic.o /usr/bin/ld: cannot find -lz collect2: error: ld returned 1 exit status make:…
crazymav
-1
votes
1 answer

Learning assembly for security reasons

Where do I start if I want to learn assembly for security reasons? I think if I want to avoid mistakes, the best thing would be to know what you're doing. What happens if I cast a signed int into an unsigned int? Once I got a strange error message,…
user2798943
-2
votes
1 answer

API Abuse - Security Vulnerability Issue MVC APP

The Fortify tool has reported an "API Abuse - Mass Assignment: Insecure Binder Configuration" for the below code. I would appreciate someone's help to identify the security flaws in the below code. The below code is used to create an Application session in…
-2
votes
1 answer

Environment.GetCommandLineArgs() may get an untrusted string

We use Checkmarx to check our project. The result shows Environment.GetCommandLineArgs() may get an untrusted string and could allow an attacker to inject an arbitrary command. var args = Environment.GetCommandLineArgs(); var ls = new…
-2
votes
1 answer

Looking for a security code IDE

I need an IDE that will find problems in my code; those I have tried just don't do it well enough... I've tried Eclipse and IntelliJ IDEA already. Is there any good option? Thank you.
ben hart
-3
votes
1 answer

How to encrypt curl command to secure server password?

I need to secure the server login and password. I have a Bash script and to work I have to run it on third-party services. The script contains a curl command with a login and password to transfer data to my server. curl -T filedata.txt…
Dew Debra