Questions tagged [websecurity]

The following topics can be tagged with this: Cross-Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), Remote Code Execution (RCE), PHP Code Injection, HTTP Protocol Violation, Shellshock, Session Fixation, Scanner Detection, Metadata/Error Leakages, Project Honey Pot Blacklist, and SSL-related questions.
Link to learn more: https://owasp.org/
Some questions or definitions: https://techletterbox.com/2020/02/08/web-security/

380 questions
0
votes
1 answer

Add size limit to QNetworkReply

In my application, done with Qt5, I would like to set a security system when I download data from the internet. First of all, I want to check how many bytes I am downloading and abort if it is the case. I want to set a maximum limit of downloaded bytes,…
n3mo
  • 663
  • 8
  • 23
0
votes
0 answers

WebSecurity shows CurrentUserId as -1

I am using WebSecurity in my project, and sometimes it shows the current user id as -1 (but that user actually is Id = 1) here is the code line Obj.CreatedBy = WebSecurity.CurrentUserId; Does anyone know why that happens? It is not that…
S.J.Lee
  • 23
  • 8
0
votes
1 answer

Amazon-Guard-Duty for my spring boot application running on AWS

I have a spring boot application running in an EC2 instance in AWS. It basically exposes REST endpoints and APIs for other application. Now I want to improve the security measures for my app such as preventing DDoS attacks, requests from malicious…
thatman
  • 333
  • 3
  • 14
0
votes
2 answers

How to set the Cache-Control for many urls

I am starting on web-security and I have to control the cache on the portal, this portal has many urls. I understand that I need to set the header with this: response.setHeader("Cache-Control","no-cache,no-store,must-revalidate"); …
Rock Pz
  • 3
  • 1
0
votes
1 answer

Preview webpage in progressive webapp?

Can PWAs act as browsers? Or more technically: Does the PWA concept allow displaying previews of other webpages, regardless of their X-frame-options or similar settings? I am not currently pursuing specific ideas myself; rather I am interested in…
kdb
  • 4,098
  • 26
  • 49
0
votes
1 answer

Are modern web browsers still vulnerable to Cross-Site Cooking?

I'm wondering if modern web browsers are still vulnerable to "Cross-Site Cooking" attack when cookies are set from another domain?
nicolas2008
  • 945
  • 9
  • 11
0
votes
1 answer

Why should I convert & to &amp; in XSS prevention?

Recently I've been thinking about a question as I mention in the title. As OWASP suggests in their RULE #1, one should do some HTML escape before inserting user input into HTML pages. However, in cases below: userInput
z3tt4
  • 1
  • 1
0
votes
3 answers

Does MySQL / MariaDB hash database passwords for PHP (7.x) mysqli_connect?

Please excuse a beginner question. Suggestions, links, and further reading are all welcome. I'm concerned about security on web pages and looking for best-practices. When using PHP to connect to MariaDB/MySQL databases, most recommendations put the…
Geekomancer
  • 439
  • 1
  • 4
  • 11
0
votes
1 answer

Web attacks from a herokuapp.com address -- how to stop

I am not a Heroku customer, just a plain old user out there. But, I am getting a steady stream of web attacks from a herokuapp.com address. They are being blocked by my security software (Norton), but (a) they are affecting performance on my system;…
David Lewis
  • 190
  • 1
  • 8
0
votes
0 answers

WebGoat - web service SQL injection testing with Webscarab fails

Could someone please tell me why do I see the following error message: when trying to complete WebGoat web service SQL injection by using Webscarab? I'm on Win. Thank you.
Riwi
  • 81
  • 11
0
votes
1 answer

How to implement content based authorization in ASP.net and SQL Server?

I am developing data application for governments, and I have a situation in which I need to make data shared to all users in one page but with different privileges levels that can control authorization based on locations, not just simple admins and…
aliadly
  • 77
  • 1
  • 11
0
votes
1 answer

Control Level Security in ASP.Net for server side and client side controls

I have a software application in ASP.Net, I have different buttons and link labels, each button has classes, for example the add buttons have btnAdd as their classes, and some of the labels are using similar classes. What would be the best approach…
Muhammad Atif Agha
  • 1,535
  • 3
  • 33
  • 74
0
votes
0 answers

Definitely manipulate window maximization in a web application

I know this question might be understood as duplicate, but believe me, I have searched almost all the web and could not find an answer that fits the scope of my application. In 90% of the cases, the answer is "no, you can't due to security…
0
votes
1 answer

Security Configuration doesn't let me use antMatchers() on some pages

Security Configuration doesn't let me use antMatchers() on some pages. Below is a configuration code where I'm trying to let not signed in user access "/", "/entries", "/signup". With "/signup" there is no problem, it lets me visit that page, but it…
0
votes
1 answer

Handling client side API keys used for deducting credits (money)

Imagine the following scenario: I've built an API and a web application. A user would sign up through the web app, and receive a unique API key. They may then purchase "credits" for their account, which are simply a 1:1 representation of…
Orbit
  • 2,985
  • 9
  • 49
  • 106