Collaborate Disseminate
Apparently having 100% prevention of SQL Injection and XSS attacks is easier said than done, but why?
Can’t static code analysis tools ensure that all user supplied input vectors (including user tainted variables) are sanitized? Or enfo… Continue reading Making SQL/HTML Injection attacks programmatically impossible
Imagine that I have a server made with technologies and programming language that are not secure for some reason, such as legacy versions with known vulnerabilities or anything else that may result in giving a hacker an opportunity to forg… Continue reading What technologies to use for the "front end" server to safely validate requests?
I have a question that might sound a bit weird: A friend of mine (Person A) is being attacked by a former friend (Person B) and now person A asked me for help. Person A and Person B know each other from the internet and Perso… Continue reading Attack that stops internet access for several minutes
My Sourcefire IPS is firing alerts for malicious activity but the source and destination networks dont belong to me, should i be concerned?
Continue reading IPS/Sourcefire sending alerts where the source nor destination is mine [closed]
How do you prevent someone from doing an TCP reset attack between client and host without having acess to host?
I am trying to solve a CTF for fun and learning purposes.
In one of the challenges I establish a connection wit… Continue reading TCP reset attack / forged TCP reset prevention
I’ve been in security for a while now but I’m relatively new to privacy. I’ve been studying differential privacy and its application to databases. However I’m still a little confused about where security and privacy intersect… Continue reading Is a differentially private SQL database relatively more secure from an SQL injection?
I need to distribute a shared 256 bit key to 100’s or 1000’s of nodes (I have the public key of each node).
There’s no networking involved – this will all be done by loading a single file on to each node. That file is gen… Continue reading Security risk of encrypting the same data with many public keys
The Jurassic Park scene referenced in the title is infamous for how ludicrous it sounds to those who are tech literate. But it also illustrates what seems to me to be a glaringly huge hole in web security, particularly IoT devices–as soo… Continue reading Why is the OS obfuscation defense against "It’s a Unix system!" not widely implemented?
I have read quite a bit of advice on this site (and the internet more generally) on protecting oneself and online accounts from being hacked. I follow this advice quite diligently, including using a password manager, using 2F… Continue reading Attack Vectors When Explicitly Targetted
I want to protect myself from fraud and identity theft.
While there are on the Internet plenty of arbitrary collections of precautionary tips, I want to make rational, fully informed choices to manage the risk that I suffer … Continue reading Modeling and managing attack surface around individual finance [on hold]