I need to set up some automated testing of HTTP requests, to check cookies are doing the right thing, with (manual) debugging when there is a problem.
So far I've been muddling along with Firebug, but it's quite a bit of effort using that, and I would prefer some form of scriptable tool, both to make it easier for me and to allow an auto...
Hey,
I am new to soapUI 3.5. I tried some WSDL that acquire security against a web service deployed on JBoss 4.2.1.
While running a test on soapUI, it gives me:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faults...
Hi,
This question refers
Where does setting the CACHE-CONTROL HTML meta tag come into the autocomplete argument? Is it necessary to explicitly set autocomplete=off for sensitive inputs if you have told the browser not to cache anything by setting CACHE-CONTROL=NO-CACHE? I assume that if the browser has been told not to cache anything, ...
I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner.
Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.
The manual says that I can allow a domain through Security.AllowDomain()
s...
I'm encrypting the web.config in our web sites using aspnet_regiis. However, I want the ability to export the encryption key so if we need to move from Machine A to Machine B, asp.net will be able to decrypt it.
When I run aspnetregiis -px "NetFrameworkConfigurationKey" c:\keys.xml -pri, I get the following : 'Key not valid for use in s...
I want to use "plink.exe -u username -pw securepassword" in my Windows Visual C++ program.
Will the username and password remain safe while calling this command? I mean, can a hacker steal or sniff the username and password? (Consider that the hacker can't get to the password directly from the exe file.)
...
What steps can be taken to make sure a web application using Hibernate, Spring and JSF is secure? What vulnerabilities can exist and what security framework, if any, is standard?
...
I was reading a tutorial on ASP.NET and third-party APIs and it mentioned that the API KEY and SECRET KEY should be stored in the web.config file, for security on production servers, instead of in the classes that use them. However, I'm not quite sure what's more secure about a web.config file than a class? I understand the convenience ...
How can I prevent XSS attacks in Java? Are there any good libraries for that?
...
What security concerns are there when accepting a user's bank account information (account number and routing number) via a form on a page that is using SSL, and posting it back to the server where I then curl off a HTTPS request to send that information to an ACH service like First ACH or ACH Direct via their API?
We wouldn't be saving...
Hi, I work on an application which allows plugins to access different sets of functionality; every plugin provides an "initialization string" which sets the level of access to different features. Developers send me these strings, and I encrypt them using my 1024 bit RSA private key and send the encoded data back. When started, my application decodes enc...
My server is attacked like this
188.165.198.65 ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1"
How can I defend it with a .htaccess file?
...
Hello,
When I connected to an FTP server with sockets, how can I send the username and password?
Thank you for your answers.
...
Hi!
We have a few servers with public SSH (using sFTP).
Obviously, the attacks are too many.
We want to put the banned logs into a MySQL DB to make stats, etc.
Has anyone tried this?
Thanks
...
I have a course project to do on network security.
The project theme is lightweight security on mobile devices, sensors, RFIDs...
I am really finding it hard to get papers about any of these topics.
So what are some nice project topics that I can do?
Thanks
...
OK, this is something weird. I got authlogic-oid installed in my Rails app today. Everything works perfectly fine but for one small nuisance.
This is what I did:
I first register with my Google OpenID. Successful login, redirection and my email, along with my correct OpenID, is stored in my database. I am happy that everything worked fi...
We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin).
E.g. if we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in c...
I've found numerous posts on Stack Overflow on how to store user passwords. However, I need to know what is the best way to store a password that my application needs to communicate with another application via the web? Currently, our web app needs to transmit data to a remote website. To upload the data, our web app reads the password fr...
I don't think I'm missing anything. Then again I'm kind of a newbie.
def GET(self, filename):
    name = urllib.unquote(filename)
    full = path.abspath(path.join(STATIC_PATH, filename))
    # Make sure request is not tricksy and tries to get out of
    # the directory, e.g. filename = "../.ssh/id_rsa". GET OUTTA HERE
    assert full[:l...
Hello -
I need to access an eToken Pro USB installed on a Linux machine over the network
(client PC with a .NET app --> Linux machine --> eToken Pro 32k).
How do I do that?
Thanks
...