Questions tagged [code-security]
Code Security is the process of protecting against theft and unauthorized distribution.
                41 questions
            
            
    2 votes, 1 answer, 318 views
        
    Should the SBOM-file contain dev-Dependencies?
                When we generate a sbom-file for our service: Are dev-dependencies supposed to be contained in it? I talk about packages which provide a test-framework or mocking-functionality for example which are ...
            
        
       
    
    -2 votes, 1 answer, 96 views
        
    PHP secure storage for sensitive document uploads [closed]
                I need help deciding how to securely store sensitive docs uploaded via a PHP script. I realize I'm not personally qualified for this task (if I was I wouldn't be asking this question) but need to know ...
            
        
       
    
    0 votes, 0 answers, 63 views
        
    Adequate Implementation for allowing access to an API
                I am in the process of creating an internal application, and I am currently laying it out. Right now, these are the constraints:
Program is currently limited to one department, do not foresee it ...
            
        
       
    
    1 vote, 2 answers, 932 views
        
    Restricting access to sensitive data in monorepo
                Imagine that you have a large monorepo code base running as a monolith application. This application is backed by a database. Some of the data in the database is sensitive, so you want to restrict ...
            
        
       
    
    4 votes, 1 answer, 3k views
        
    If a code inspection tool finds a "heap inspection" vulnerability, is that relevant if the code is for a web app running on a private server?
                Recently, at the organization I work for, we've been using a static code inspection tool.
One of the more interesting findings is that private information, such as passwords, may be stored in the heap ...
            
        
       
    
    1 vote, 4 answers, 435 views
        
    How can Data security be ensured in an open source software?
                In open source projects handling user data in a secure manner can be managed, for example through encryption and password protected functionality. What I'd like to create is a way for the user to ...
            
        
       
    
    -4 votes, 4 answers, 6k views
        
    Since `strcpy`, `strcat`, and `sprintf` are dangerous, what shall we use instead of them?
                In Computer Systems: a Programmer's Perspective,
Unfortunately,
a number of commonly used library functions, including strcpy, strcat, and
sprintf, have the property that they can generate a byte ...
            
        
       
    
    0 votes, 0 answers, 85 views
        
    How secure LocalStorage on a SPA
                I'm developing an Ionic 4 based (Angular) web application. It has a lot of logic on it and needs to store session specific data (such as a JWT, selected language, among other preferences and temporary ...
            
        
       
    
    -3 votes, 4 answers, 2k views
        
    Is it possible to prevent tech scammers from editing bank webpages?
                In a refund tech scam, tech scammers use Chrome Developer Tools to edit the HTML directly on the victim's bank webpage through a Remote Desktop (Teamviewer, AnyDesk, etc) to fool their victim into ...
            
        
       
    
    22 votes, 5 answers, 12k views
        
    How can we avoid showing the literal path in the exception's stack trace?
                When our in-house developed application (C#, ASP.NET) is throwing an exception, it displays a stack trace that contains path information like C:\users\DEVELOPER_FULL_NAME\path\some-module.cs. So it ...
            
        
       
    
    24 votes, 3 answers, 6k views
        
    How to protect software from being deleted by antivirus? [duplicate]
                I work for a publishing company and we are making interactive software that accompanies our books. The problem is that many clients complain that the antivirus keeps deleting parts of the software, ...
            
        
       
    
    0 votes, 3 answers, 401 views
        
    Protect Part of the Code
                My company works with different developers from different studios, always sharing the code to everyone aboard.  At the moment, we need to protect a part of the code, not from theft but from some ...
            
        
       
    
    17 votes, 3 answers, 3k views
        
    Keeping secrets out of source control - are we just moving the problem?
                I inherited some projects in which secrets were in source control in App.config and similar files. Fortunately it's not a public repository so the risk isn't as serious as it could have been. I'm ...
            
        
       
    
    -2 votes, 1 answer, 94 views
        
    Web Security (PHP) - Is it Secure to do downloading files & presenting with Headers to the End User ?
                I have a security question: I am not sure if this approach is a safe and secure way to download a file and present it to a web user.
We have customers invoice files stored in a server location (...
            
        
       
    
    3 votes, 4 answers, 879 views
        
    Locking access to a Class Library (C#)
                I have been tasked with designing a class library that I am loathe to actually build. It is basically a huge backdoor to our software security. The idea was that it would only be accessible from one ...
            
        
       
     
         
         
         
        