Questions tagged [vulnerabilities]

14 questions
41 votes, 13 answers

How safe is it to compile a piece of source code from a random stranger?

Suppose I'm reviewing code that job applicants send to prove their skills. Clearly I don't want to run executables they send. Not so clearly I'd rather not run the result of compilation of their code (just for example, Java allows to hide runnable…
sharptooth
38 votes, 14 answers

What to do if you find a vulnerability in a competitor's site?

While working on a project for my company, I needed to build functionality that allows users to import/export data to/from our competitor's site. While doing this, I discovered a very serious security exploit that could, in short, perform any script…
user17610
27 votes, 9 answers

Is it a security vulnerability to declare class members as public?

I have always wondered whether public, protected, and private has security implications post compilation. Hypothetically: class Foo { public: int m_Foo; // Completely vulnerable and dangerous protected: int m_Bar; // Possible attack…
Anon
23 votes, 9 answers

Why is it so difficult to make C less prone to buffer overflows?

I'm doing a course in college, where one of the labs is to perform buffer overflow exploits on code they give us. This ranges from simple exploits like changing the return address for a function on a stack to return to a different function, all the…
ankit
14 votes, 4 answers

What are the security risks/vulnerabilities every C programmer must be aware of?

There are many security risks coming from having close contact to the hardware as opposed to using well-tested and proved APIs from high level programming languages. It is much easier to cause a buffer overflow in C than in a language such as…
Anto
10 votes, 3 answers

Ensure unsafe code is not used accidentally

A function f() uses eval() (or something as dangerous) with data which I created and stored in local_file on the machine running my program: import local_file def f(str_to_eval): # code.... # .... eval(str_to_eval) # .... …
user
6 votes, 5 answers

Is it safe to display information about old passwords on login failure?

When I changed my Facebook password yesterday, by mistake I entered the old one and got this: Am I missing something here, or is this a big potential risk for users? In my opinion this is a problem BECAUSE it is Facebook and is used by, well,…
Trufa
5 votes, 3 answers

Examining source code for maliciousness and security vulnerabilities

What are some techniques in determining if a particular piece of source code is malicious or vulnerable to malicious attack? I am currently using cppcheck and I am waiting on an install of Rational AppSource. Aside from that and reviewing the…
Engineer2021
5 votes, 4 answers

Small projects using the cathedral model: does open-source lower security?

We know of Linus' law: With enough eyeballs all bugs are shallow In general, people seem to say that open-source software is more secure because of that very thing, but... There are many small OSS projects with just 1 or 2 developers (the…
Anto
5 votes, 0 answers

What To Do If I've Found a Vulnerability In a Possible Future Employer's Site?

I've been self-employed for a long time now and have recently decided that PHP development within a company is the route I'd like to go down. I had an initial interview/meeting yesterday with a potential employer and it seems like a great place to…
john
3 votes, 1 answer

How do projects manage security with so many dependencies in open source projects?

Some node.js libraries (just as an example) can pull in literally hundreds of dependencies. Some of these dependencies are small packages that only have one contributor. Oftentimes the contributor doesn't even have any personal information listed…
2 votes, 1 answer

How to check for vulnerabilities in web application

I have developed a web application using zend framework, mysql, and other client side technologies like javascript, jquery ajax, kendo grid, and so on. I have completed development and have done several rounds of testing to make sure the functional…
1 vote, 2 answers

What is the story behind Java Vulnerabilities?

I always appreciated the Java language. It is known as a very secure platform and many banks use it in their web applications. I wanted to build a project for my school and I discussed the options with some developers. However, one of them said we…
Maryam
-2 votes, 1 answer

Is software inherently buggy and hence, vulnerable?

Could no amount of formal analysis, type/rule checking prevent its exploitation? How about a fully verified kernel such as seL4?
viv