I'm looking for an open source for antitampering and Code obfuscation tool for my iOS project. Some library like Proguard in Android. I found iXGuard and Dexprotector are paid tools. I'm looking fo...

I was wondering to what degree I can rely on the digital signatures on files (aka Digital Certificates from Verisign, Simantec etc), when deciding if it's been tampered with or not. Say I want do...

I am working on a project (mobile app) where I need to monitor adversary actions. So, my question is how can I make iOS app tamper-evident? e.g. Whenever any adversary try to tamper code then s...

Long time listener, first time caller. 'Say you have a database table that is responsible for logging user activity. The integrity of this log is important, so you want to be able to detect if som...

I have a page with an input text component marked as required="true" and having a custom Validator in server side. Now as a client, I submit the page without the HTML element rendered by that comp...

I am able to tamper post request parameter with Tamper Data in firefox i.e when i make post request and i get the popup in firefox to change POST request parameters but in case of GET request, i g...

Why don’t we save the cookie information of website visitors (subscribers) in the database rather than setting a file on the user's machine. Yeah, I know I might sound silly for the following...

How do you add "objects" to an existing app ? For example, the EasyRefresh for Chrome tweak, enables a new button inside the iOS Chrome app, as do many other tweaks. How may i add a simple UIButt...

i am working on security and other stuff about my web sites. in my country online payments work like paypal. mean you should pass some parameters such as Amount,MerchantID,ReturnURL,ResNum(OrderID)...

I generate a forms auth ticket with some user data, encrypt and send it to my client all using the standard .net Api. Everything works except for one small problem. If i replace the 0 in the auth t...

We have audit table in our database. Records to this table are done using triggers. Currently, there is nothing that prevents user to log on to database server, open table from management studio a...

Would I be taking a big security risk by trusting the content of the $_SERVER variable array to get the name of php file using $_SERVER['PHP_SELF']?