Skip to main content
Software Engineering

Questions tagged [secure-coding]

Ask Question

The tag has no summary.

15 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
16 votes
0 answers
995 views

DefinitelyTyped has a Dojo solution which uses named modules and may work with legacy Dojo and explicit typing. But these declarations do not facilitate TypeScript import, since there are no anonymous ...
Crowd's user avatar
  • 1
2 votes
1 answer
226 views

I recently wrote a small PowerShell script to clean a Visual Studio solution. It's used by a small team of 5 persons on a regular basis. I built it in PowershellISE (GUI client) and it works great, ...
Doc Brown's user avatar
  • 221k
-2 votes
4 answers
176 views

I wrote a small video library app. It renders private Vimeo videos for paid subscribers. The owners of the app would like to reward users who watch videos. My first implementation was to trigger a ...
Ewan's user avatar
  • 84.6k
0 votes
1 answer
785 views

I am trying to wrap my head around having a secure WEB API and at the same time securing the client that accesses the WEB API. I am hoping someone can point me in the right direction. Here is my ...
Bent's user avatar
  • 2,596
5 votes
1 answer
2k views

C often seems to be taught in terms of contracted examples without much regard to code safety, such as buffer overflows etc. I have often wondered if there are proven, totally safe ways of writing C ...
Brad S.'s user avatar
  • 151
3 votes
3 answers
2k views

We know that checking return values prevent our software from unexpected states. (You can see CWE definition.) But, we are sometimes sure about the return value. For example: bool ...
DeadMG's user avatar
  • 36.9k
0 votes
1 answer
114 views

Which is preferable for both solid technique and secure coding? Example #1: function_one() blah; function_two() blah; print blah; exit; ... Example #2: ...
user58446's user avatar
  • 327
2 votes
1 answer
173 views

I am writing a simple flask application to submit scientific tasks to remote HPC resources. My application in background talks to remote machines via SSH (because it is widely available on various HPC ...
Michał Kosmulski's user avatar
  • 3,602
1 vote
1 answer
89 views

What kind of process or static analysis would catch the heart bleed bug other than human code reviews which we already know failed. The Fix Commit is here.
Lance Nanek's user avatar
  • 135
0 votes
1 answer
2k views

I inherited some old javascript code for a website tracker that submits data to the server using a script url: var src = "http://domain.zzz/log/method?value1=x&value2=x" var e = document....
Satanicpuppy's user avatar
  • 6,196
6 votes
3 answers
1k views

Our website has a login form that shows up in the header on every page on the website. This is what my boss wants however we need to get PCI compliant and it says any sensitive form (login/password) ...
Danny's user avatar
  • 163
5 votes
2 answers
497 views

I am looking for the current, state of the art, coding standards for web development (mostly PHP). Since I do not want to reinvent the wheel I would like to reuse libraries written by people much ...
Dynamic's user avatar
  • 5,786
3 votes
1 answer
251 views

Are there any standardised security procedures or auditing techniques that can be used to assess the security of a piece of software? I'm specifically interested in auditing software written in Java, ...
Thomas Owens's user avatar
  • 85.9k
5 votes
4 answers
295 views

I'm interested in expanding my knowledge of security issues: things like buffer overflows, format string vulnerabilities, etc. I'd like to be able to go through a language and understand its security ...
Arseni Mourzenko's user avatar
  • 139k
5 votes
3 answers
377 views

What are some techniques in determining if a particular piece of source code is malicious or vulnerable to malicious attack? I am currently using cppcheck and I am waiting on an install of Rational ...
Vineet Reynolds's user avatar
  • 653