Collaborate Disseminate
How to find out what programming language a website is built in?
How much of a Django application could be reverse-engineered if the owner forgot to turn debug mode off?
And other Qs like these ^ .
Shortly: It would seem t… Continue reading Is open-sourcing the code of a webapp not recommended?
As a follow-on to these questions:
What unique fingerprinting information can an iOS7 app collect?
What unique device fingerprinting information can an iOS8 app collect?
What unique device fingerprinting information can an… Continue reading What unique device fingerprinting information can an iOS 12 or iOS 13 app collect?
Many governments around the world still rely on security by obscurity even though it’s one of the first things you learn not to do, when learning about information security. Is it more secure for them? How is their methods be… Continue reading Why do governments still use security by obscurity?
Frameworks for web apps typically can run in either production mode or development mode. One of the major differences between the two modes is how exceptions are handled: in development mode the browser will typically be sent… Continue reading What is the use of disabling detailed exception pages on open-sourced apps?
Let’s say someone has my encrypted data and he wants to decrypt it. People always talk about how the length of the key (e.g. 256 bits) decides about the entropy of the encryption, which totally makes sense. If the attacker tr… Continue reading Doesn’t the choice of encryption algorithm add entropy by itself?
In a system with a complex set of computed authorizations, does conveniently allowing a given user access to view all of their own authorizations decrease security?
In a “Policy as Code” system which relies on consumers of … Continue reading Does allowing a user to know their own authorized capabilities decrease security?
This question already has an answer here:
Is a website published in an obscure directory comparably secure to being placed behind a login? [duplicate]
6 answers
… Continue reading Can a URL that has no links to it be discovered? [duplicate]
I’m releasing some software in python which is impossible to fully encrypt. I was thinking of changing the variable names slightly for every copy that I release. Is this a good way to figure out who is leaking my software? Ch… Continue reading Track who leaks your software
I recently started a job at a small company where the CTO prefers to host SSH services at obscure, high numbered ports on our servers rather than the well known port 22. His rationale is that “it prevents 99% of script kiddy … Continue reading Does it improve security to use obscure port numbers?
I recently started a job at a small company where the CTO prefers to host SSH services at obscure, high numbered ports on our servers rather than the well known port 22. His rationale is that “it prevents 99% of script kiddy attacks.” I’m … Continue reading Does it improve security to use obscure port numbers?