code-injection Questions

1

After setting up eslint-plugin-security, I went on to attempt to address nearly 400 uses of square brackets in our JavaScript codebase (flagged by the rule security/detect-object-injection). Althou...
Lampkin asked 16/9, 2019 at 16:13

2

Solved

Probably my question is a trivial one, but I never used an application scope bean before. I need the application bean because I have to do time-consuming transactions on the database. My search did...
Ennius asked 5/1, 2013 at 14:32

1

I'm working on paying back some technical debt this week, and it hit me that I have no idea how to make multi-value inserts safe from accidental or malicious SQL injections. We're on Postgres...
Jezabelle asked 15/8, 2019 at 10:4

3

I'm using gwt 2.3.0 in my project. I need to change my css source: <link type="text/css" rel="stylesheet" href="gxt/css/gxt-all.css"> during run time (I want to decide which file to use on...
Pepito asked 5/2, 2012 at 7:3

1

Solved

I'm building an Elasticsearch query using QueryBuilders in my backend. The cluster is not directly exposed to the internet, and only accessed through the backend. I've noticed that I am providing...
Gallman asked 19/2, 2019 at 15:16

1

I am trying to restore mails using SOAP messages using Office APIs, but it is giving a 'header value appears to contain an embedded header' error for some mails, e.g. msg = MIMEMultipart() msg['From...
Sift asked 15/10, 2018 at 8:51

3

Solved

I am trying to hack my PL/SQL code. We create the PL/SQL procedure that opens and fetches the cursor. By our standard we did create a dynamic SQL statement, but we are unable to inject the OR 1=1 con...
Footstone asked 29/8, 2018 at 11:45

12

Solved

If yes, why are there still so many successful SQL injections? Just because some developers do not use parameterized statements?
Josefajosefina asked 22/7, 2011 at 5:31

0

This has been asked before but the answers are out-dated and I would like to know what the modern approach is. I have some C# code to search Active Directory for an employee with employeeid id whi...
Rumilly asked 1/8, 2018 at 18:57

7

Solved

Using Guice, is it a good practice to get a new injector in each JUnit test class, as each test class should be independent?
Shaun asked 12/4, 2011 at 10:39

1

I posted a question on a similar topic a couple days ago (and one a couple years ago), but I decided to go ahead and get started. I am trying to inject C++ code into C++ code (in a somewhat portabl...

4

Solved

I want to write such a function: function doGoodJob(someId, callBackfunction){ // some stuff with someId // todo: RUN callBackFunction here } They say eval is 'dangerous' in terms of code inj...
Fulmination asked 8/4, 2011 at 11:44

5

I got the veracode report for my javaEE app. It had a flaw at any logging (using log4j), so I add the StringEscapeUtils.escapeJava(log) to all of them, but veracode keeps reporting them as security...
Catchings asked 25/4, 2013 at 22:41

2

Solved

I am trying to code a page that is intentionally vulnerable to command injection. This is for a training environment. This is the code I have so far: public ActionResult CommandInjection() { str...
Zone asked 10/4, 2018 at 5:57

2

Here is my task: Inject custom managed code into running managed WPF application (i.e. my code should run in other AppDomain) Injected code must be executed on UI thread When I say 'best' I mean ...
Hartshorn asked 25/1, 2009 at 9:47

4

Solved

I have a problem injecting resolve parameters from the routing into the controller. I'm setting the resolve value to an object {name: 'Banner', slug: 'banner'}, but I get an error. App.js var app...
Mauk asked 11/3, 2015 at 21:12

3

Solved

I created a generic service for CRUD tasks. The service uses the HttpClient by DI (Dependency Injection), but I need to inform another value in the constructor of the service. How to make this? because...
Octahedron asked 2/1, 2018 at 16:58

2

Solved

I want to use the parameter place holder - e.g. ?1 - with the % wild cards. that is, something like: "u.name LIKE %?1%" (though this throws an error). The docs have the following two examples: 1. ...
Angadresma asked 20/9, 2010 at 21:38

4

Solved

I've got one easy question: say there is a site with a query like: SELECT id, name, message FROM messages WHERE id = $_GET['q']. Is there any way to get something updated/deleted in the databas...
Shaina asked 22/4, 2011 at 20:10

2

I have some doubts about anti-DLL injection in C++. I have a C++-based game, and I'm having problems with hackers with DLL injection. So I need to prevent it. I found a notify hook from there: MSDN...
Molliemollify asked 26/2, 2012 at 3:46

8

Solved

I am a bit confused, there are so many functions in PHP, and some using this, some using that. Some people use: htmlspecialchars(), htmlentities(), strip_tags() etc Which is the correct one and wh...
Jointed asked 30/7, 2009 at 11:4

1

Solved

My project is not finding the service reference endpoint in runtime. I believe it's due to incorrect injection in my Startup.cs. I'm new to the appsettings.json and Startup.cs method of configurati...
Eight asked 9/6, 2017 at 15:55

2

Solved

I am working with a few .Net 4.0 webforms controls such as the Menu control and while I think it's great that I can now declare the way in which controls are rendered (i.e. as either tables or divs...
Animalcule asked 16/7, 2010 at 10:57

2

Solved

I'm using Sequelize with Node.js/Express and I'm not sure how to escape with Sequelize in the where part. var sequelize = ...; var productId = 5; var productName = "test"; var product = sequelize....
Fourcycle asked 30/5, 2017 at 21:58

7

Solved

I am saving user-submitted HTML (in a database). I must prevent JavaScript injection attacks. The most pernicious I have seen is JavaScript in a style="expression(...)". In addition to th...
Superpatriot asked 2/6, 2009 at 21:29
