I'm just starting to look into how to integrate nmap, an open source security product, into some C++ code. If anyone's tried this, and has some ideas on the best approach, I'd certainly appreciate it.
Thanks for the responses. Specifically, I'd like to run a port scan (IPv6). I would definitely prefer non-GPL solutions such as a comman...
I use the following code:
...
ProcessStartInfo processStartInfo = new ProcessStartInfo();
...
Process process = new Process();
process.StartInfo = processStartInfo;
bool processStarted = process.Start();
...
Is it possible in .Net to restrict rights of invoked external program to read only file operations?
...
I'm working on a public site which will use DB backed user sessions keyed to a session ID. I'm trying to prevent session hijacking and tampering; the session data I return to the client has limited value in and of itself, but I'd like to prevent wholesale theft. I've worked out a little scheme here, but I'd like to get some feedback and ...
An external DB admin guy exported a production database and imported it into a test environment. We are using Oracle 9.2. The majority of imported database objects (tables, views, indexes, packages,...) work fine, but we have problems with three specific tables: we can do SELECT, UPDATE, DELETE on those tables, but we cannot create views on ...
I want to use that and to be able to sort and edit records inside a gridview.
Is it possible? How? Thanks!
...
I have a WCF service that uses X.509 certificates for authentication. What's the best method of creating a Java client that can use that service? I've heard of Axis, CXF, Tango, and WSS4J, but I'm not sure which supports X.509 and which one is a good way of working with WCF.
...
I've inherited an application with a glaring security hole.
It has session-based security, but file uploads (which are user specific) are not secured in any way and they are stored in the public file tree.
Filenames do not follow any convention as such, making them hard to guess, but the data is sensitive and thus I need to implement ...
Hi all,
I'm trying to get some more info on a question I posed on another thread
Basically, I am using this method to pass parameters to a php script which returns values from a server:
NSString *urlstr = [[NSString alloc] initWithFormat:@"http://www.yourserver.com/yourphp.php?param=%d", paramVal];
NSURL *url = [[NSURL alloc] initWithS...
I'd like to be able to allow community members to supply their own JavaScript code for others to use, because the users' imaginations are collectively far greater than anything I could think of.
But this raises the inherent question of security, particularly when the purpose is to allow external code to run.
So, can I just ban eval() f...
Where I work we have an ecommerce system on an intranet set up to process customers' credit cards. Currently when we charge a customer's credit card using Authorize.net we are not sending the credit card info to Authorize.net over a secure connection. Instead it goes over regular HTTP. I'd like to get other opinions of how serious/neglig...
Any good strategies, code snippets etc for preventing URL manipulation?
For example, I have this URL: http://localhost/profile/edit/5. The id could easily be changed to anything and thus people could edit profiles they are not supposed to.
Here are a few ideas I thought of but they all have their drawbacks:
Change my system to use GUI...
I have Microsoft SQL Server 2008 which we host some databases on. We currently use Windows Integration for authentication.
We are starting to need the support of authenticating scripts from ASP.NET and other applications. These applications need to use "script credentials" as they run without a user logged in. We are not really wanting ...
Hello!
How can I suppress the following warning from the gcc linker:
warning: the use of `mktemp' is dangerous, better use `mkstemp'
I do know that it's better to use mkstemp() but for some reason I have to use the mktemp() function.
...
What is the best way to secure ADO.NET data services? Has anyone used this in production, if yes what security options have you used?
...
Kohana and CodeIgniter both have encode_php_tags(). I understand XSS cleaning (for JavaScript), but when and why would you use encode_php_tags()? What is the security threat?
...
When I view XML files in Internet Explorer, it does syntax highlighting and provides clickable expand/collapse controls. But for every file I open, I get a yellow warning bar that takes three clicks to dismiss. These are local files, so the security warning shouldn't be necessary. Can it be disabled?
...
I have heard a lot of buzz around security and CISSP in IT organizations, but I am not sure what this entails. What are the day to day roles of a Security Analyst/Engineer and what steps do you need to take to become one?
...
I'm looking for a server app to routinely generate certificates for client applications using a self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates?
I can, of course, keep spawning makecert or openssl, but I was looking for a more programmatic, in-memory method, when you just get X...
I tried to set up KIGG on my server, but always had a permission problem, and I knew that it's because of the trust level, and GoDaddy always says that http://help.godaddy.com/article/1039
If someone has faced the same problem before, please advise.
Note: I can't currently move to another hosting provider
...
Is it possible to use Brokered Kerberos Authentication for web services over the Internet? I'm looking at web services security for an environment which already has Active Directory. Due to the existing architecture the web services will be quite chatty and I have no control over this architecture. It may take up to 6 web service call...