secure-coding Questions
2
Solved
I'm interested in social networks and have stumbled upon something which makes me curious.
How does Facebook keep people from playing with URLs and gaining access to photos they should not?
Let m...
Hammerfest asked 20/10, 2012 at 16:30
2
Solved
After running a Checkmarx scan on my Node.js application, I got a warning of Medium severity -> Missing_HSTS_Header. On this piece of code that just returns the content of metadata.json file (high...
Fugitive asked 18/11, 2020 at 12:28
3
I need an IDE that will find problems in my code; those I have tried just don't do it well enough...
I've tried Eclipse and IntelliJ IDEA already.
Is there any good option?
Thank you.
Pettis asked 25/1, 2017 at 12:16
8
I wish to know which of these two options is the more secure one to use:
#define MAXLEN 255
char buff[MAXLEN + 1];
sprintf(buff, "%.*s", MAXLEN, name);
snprintf(buff, MAXLEN, "%s", name);
My und...
Roundtree asked 6/9, 2011 at 6:50
2
CheckMarx is flagging an error which looks like a false positive to me. Our application is written in C# and uses ASP.NET Core.
The error is:
The web application's Startup method creates a cookie ...
Trochal asked 5/11, 2020 at 17:4
7
Solved
How does one store sensitive data (ex: passwords) in std::string?
I have an application which prompts the user for a password and passes it to a downstream server during connection setup. I want t...
Ordway asked 18/4, 2011 at 2:37
6
Checkmarx - v 9.3.0 HF11
I am passing an env value as the data directory path in the Dockerfile, which is used on the dev/UAT server
ENV DATA /app/data/
In local, using following Environment variable
DATA=C:\projec...
Kurtiskurtosis asked 2/12, 2020 at 11:10
5
Solved
Looking at the CERT Secure Standards (Example: https://www.securecoding.cert.org), there are specific standards, with great examples of what good and bad code looks like, for C, C++, Java, even Per...
Jamilla asked 28/8, 2015 at 20:6
2
Solved
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>
int main(int argc, char **argv, char **envp)
{
gid_t gid;
uid_...
Sech asked 29/11, 2011 at 0:46
2
Solved
Can anyone suggest the proper sanitization/validation process required for the courseType variable in the following getCourses method? I am using that variable to write to a log file.
I've tried H...
Lytton asked 26/3, 2019 at 19:5
3
Solved
I want to create a temporary file in POSIX shell (/bin/sh).
I found out that mktemp(1) doesn't exist on my AIX box, and according to How portable is mktemp(1)?, it isn't that portable and/or secu...
Stoker asked 19/4, 2012 at 9:8
2
I need to create a temporary file and store some data into it. I have written the following code to do so:
import org.apache.commons.lang.RandomStringUtils;
import java.security.SecureRandom;
[......
Affirmatory asked 7/7, 2015 at 1:40
2
Are there any standard library methods that can filter out paths which include special traversal sequences, such as ../ and all other convoluted forms of upwards directory traversal, to safeg...
Gilbreath asked 12/10, 2015 at 14:14
2
I want to run splint on some of my sources within a debian stable environment.
I need to give the preprocessor directive -DUINT16_T='unsigned short' and as I need that very often. I'd like to place...
Supersedure asked 5/3, 2013 at 9:30
4
Solved
I work in a company that produces several apps; not all those apps have the same signature, or, more precisely, we have at least 5-6 app certificates for the time being.
We tried to create a mechanism...
Coppock asked 20/3, 2013 at 7:37
7
Solved
I am wondering what is the right/standard way to use malloc and free. Is it needed to set pointer NULL after free? Basically, which of the two following ways is correct?
double* myPtr = (double*)m...
Moffatt asked 4/7, 2014 at 13:30
2
Solved
I have created a PHP file for establishing a connection with the database server. In this file, I am using the mysql_connect() function with the parameters host, username and password of my database serve...
Agate asked 19/2, 2013 at 8:20
3
Is there a Gem or means of securely erasing a file in Ruby? I'd like to avoid external programs that may not be present on the system.
By "secure erase" I'm referring to overwriting the file conte...
Burglary asked 14/12, 2011 at 17:24
1
Solved
As part of my web app, this is some code I am considering (I'm not the best of PHP programmers, but I am programming my own app for a project):
// Start session
session_start();
// Is the user already...
Pretext asked 14/11, 2011 at 9:27
1
Solved
So, because Strings are immutable, we use char[] instead of String to store passwords so that we can erase the characters when we're done with it. Is StringBuilder (or StringBuffer) as safe as a ch...
Behoof asked 18/10, 2011 at 16:8
2
Solved
I am looking for a comprehensive record of secure coding practices in C. Since I haven't found such a list existing here already, we might as well make this into a community wiki, for further refere...
Cleland asked 24/1, 2011 at 10:20
6
Solved
I am looking for a comprehensive record of secure coding practices in C++.
Since I haven't found such a list existing here already, we might as well make this into a community wiki, for further refe...
Gerhardine asked 24/1, 2011 at 9:29
1
© 2022 - 2024 — McMap. All rights reserved.