security 1,136

  1. The definitive guide to form-based website authentication
  2. Why does Google prepend while(1); to their JSON responses?
  3. Why is char[] preferred over String for passwords?
  4. How can I prevent SQL injection in PHP?
  5. How should I ethically approach user password storage for later plaintext retrieval?
  6. Secure hash and salt for PHP passwords
  7. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  8. What's the best method for sanitizing user input with PHP?
  9. Best Practices for securing a REST API / web service
  10. How to avoid reverse engineering of an APK file?
  11. Are PDO prepared statements sufficient to prevent SQL injection?
  12. Why is using the JavaScript eval function a bad idea?
  13. SQL injection that gets around mysql_real_escape_string()
  14. Why Does OAuth v2 Have Both Access and Refresh Tokens?
  15. Authentication versus Authorization
  16. What is the best way to implement “remember me” for a website?
  17. How can bcrypt have built-in salts?
  18. Fundamental difference between Hashing and Encryption algorithms
  19. Are HTTPS headers encrypted?
  20. Worst security hole you've seen?
  21. What should every programmer know about security?
  22. Disable browser 'Save Password' functionality
  23. What is token based authentication?
  24. Best way to store password in database
  25. How to secure database passwords in PHP?
  26. JWT (JSON Web Token) automatic prolongation of expiration
  27. The difference between the 'Local System' account and the 'Network Service' account?
  28. How are software license keys generated?
  29. Practical non-image based CAPTCHA approaches?
  30. Why would one omit the close tag?
  31. Why is JsonRequestBehavior needed?
  32. Why am I suddenly getting a “Blocked loading mixed active content” issue in Firefox?
  33. PreparedStatement IN clause alternatives?
  34. Exploitable PHP functions
  35. Is “double hashing” a password less secure than just hashing it once?
  36. Is either GET or POST more secure than the other?
  37. Are HTTP cookies port specific?
  38. Payment Processors - What do I need to know if I want to accept credit cards on my website?
  39. Are querystring parameters secure in HTTPS (HTTP + SSL)?
  40. Will web browsers cache content over https
  41. How to create .pfx file from certificate and private key?
  42. What are all the user accounts for IIS/ASP.NET and how do they differ?
  43. Where do you store your salt strings?
  44. How to redirect all HTTP requests to HTTPS
  45. “Keep Me Logged In” - the best approach
  46. Using openssl to get the certificate from a server
  47. Best practices when running Node.js with port 80 (Ubuntu / Linode)
  48. What is the best way to stop people hacking the PHP-based highscore table of a Flash game
  49. SHA512 vs. Blowfish and Bcrypt
  50. SPA best practices for authentication and session management