
Questions tagged [source-code]

Security relating to source-code editing, protection and management.

0 votes · 0 answers · 358 views

In today's world of AI, we are seeing new AI models and agents coming up, almost every day, that claim to be near to a human programmer. That said, a few security concerns are getting raised in my ...
asked by Jignesh M. Khatri
1 vote · 1 answer · 121 views

Recently, a developer accidentally made a private repository public, which contained secret keys. Although a third-party application promptly flagged and rotated the exposed credentials, the ...
asked by Akhil • 11
3 votes · 1 answer · 1k views

I have a SaaS web application. One of my clients needs the app to be installed on his infrastructure (meaning physically on servers only they can access). The application stack is 2 docker images: one ...
asked by Moen • 31
1 vote · 1 answer · 135 views

If I am shipping a program to my customers which is compiled with GCC, but I want to test the security of the program using Clang, is this generally okay, or will I miss certain security bugs because ...
asked by the_endian • 1,362
2 votes · 3 answers · 494 views

What are the risks of viewing the source code of malicious pages on Google Chrome? I want to go directly to view-source:https://example-site.com to visit the sites without rendering anything malicious ...
asked by clueless_robot
2 votes · 1 answer · 566 views

I am interested if it could be possible to validate source code integrity for web apps somehow. For example: Developer builds app and signs source code with his private key. Both signature and public ...
asked by leplos • 21
1 vote · 1 answer · 614 views

Excuse the naive question but I'm trying to understand a bit about security in home health and medical devices and a recent report about how home Covid test results can be altered has left me a bit ...
asked by orome • 333
0 votes · 1 answer · 351 views

In the Cryptsetup Frequently Asked Questions page it says: You are asked a passphrase of an existing key-slot first, before you can enter the passphrase for the new key-slot. Otherwise you could ...
asked by EmmaV • 103
1 vote · 0 answers · 54 views

I would like to verify that users are running particular source code. Is there a way this could be achieved? I want to verify that the original "algorithm" has been followed correctly if you ...
asked by Fred • 11
1 vote · 0 answers · 26 views

Let's say HonestInc is super generous and provides the source code of its web application HonestApp on github. However, I'm extremely distrustful of them, and have doubts that their actual server is ...
asked by ChocolateOverflow
-1 votes · 2 answers · 587 views

The idea is to find, through some search engine or tool, an HTML tag structure, or HTML fingerprint, which reveals similarly coded pages to a particular one. A traditional search engine like Google or ...
asked by user250732
0 votes · 1 answer · 301 views

Our application stored **e.printstacktrace()** in a log file, which is accessible to a specific user group. We need such detailed information for debugging purposes. As per the security team, they are ...
asked by useradmin1234
1 vote · 1 answer · 876 views

I work at a small software company, and we are working with another company that wants to use our software. However, their InfoSec team want us to have a 3rd party source code review completed, with ...
asked by Daniel Congrove
3 votes · 3 answers · 437 views

I want to prove that the source code I am using is the same as the open-sourced version, which is publicly available. My idea was to publish a hash of the open-sourced version and compare it to the ...
asked by Ryan Shahine
1 vote · 2 answers · 446 views

I have a codebase that I've been keeping on Github that I don't want to worry about losing. I've intermittently backed up all the repos to an S3 instance, but this doesn't feel secure. If my Github ...
asked by undecided
-1 votes · 1 answer · 695 views

What are the subtle differences between the two, as one could say that both are almost the same? Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review ...
asked by Andrei Clear
0 votes · 1 answer · 131 views

Is there a mechanism that can ensure a deployment (server that can give https responses) is built from the actual (public) source code provided by another https URL? source code from commit #10020 at ...
asked by Daniel W. • 307
3 votes · 2 answers · 3k views

Every open code repository has security issues. Attackers can use three ways to sneak malware in: Abuse typos: Create a package with a similar name, but the package is malware Malware + useful code: ...
asked by Martin Thoma • 4,002
0 votes · 1 answer · 1k views

For a project we were asked to find and exploit the "Remote Code Injection" vulnerability of a web application. After hours of searching (we have the source code of the web application as it is running ...
asked by koapsi • 23
2 votes · 1 answer · 2k views

Not sure if in this case it is possible to inject malicious code in $entityId and if it will be processed by php. $entityId = $_GET["name"]; public function getMetaData($entityId) { assert('...
asked by Raphaël D
40 votes · 5 answers · 8k views

How to check whether the source code of an open-source project contains no malicious content? For example, in a set of source code files with altogether 30,000 lines, there might be 1-2 lines ...
asked by tonychow0929 • 2,277
1 vote · 2 answers · 361 views

Someone mentioned that linters would have helped not only for keeping the code looking better and friendlier, but also safer. ESLint has a rule to indicate, for example, to use {} which would have ...
asked by Filipon • 1,304
0 votes · 1 answer · 273 views

I was playing a CTF and got stuck. Viewing the source code through a web browser reveals nothing, but when we send the request through curl it reveals a HIDDEN directory. How is it even possible? ...
asked by Utkarsh Agrawal
126 votes · 8 answers · 29k views

My friend just asked me: "why is it actually that bad to put various passwords directly in a program's source code, when we only store it in our private Git server?" I gave him an answer that ...
asked by d33tah • 6,724
0 votes · 2 answers · 290 views

Say you do not trust the data center technicians (or management) but have no other option than hosting your web application with them. Also, say you want to keep certain files inaccessible to people ...
asked by Majid Fouladpour