Questions tagged [attack-prevention]

Prevention of a specific attack vector (e.g. XSS, HPP, CSRF)

In OWASP nomenclature, this would be Breakers.

570 questions
36
votes
1 answer

How to prevent "cost attacks" on AWS?

Ok, so I'm using AWS and with a serverless architecture, it's very practical since AWS Lambda will run functions as microservices and I don't have to deal with servers. Not only that, but it's also auto-scalable, and they charge in this…
sigmaxf
  • 643
  • 7
  • 17
13
votes
1 answer

Preventing man in the middle attack

I recently did a man in the middle attack on my college LAN (for purely educational purposes:)). I simply wrote a raw socket application that pumped ARP reply packets advertising my MAC address with the IP of the gateway. For the destination address…
bashrc
  • 233
  • 2
  • 6
11
votes
6 answers

Most secure data storage?

What is most secure data storage currently available and suggested by specialists, to store digital data in digital medium (without making hard copy of data onto paper or other type of medium, than digital). I mean, secure from EMP bombs, magnets,…
Deele
  • 263
  • 2
  • 11
10
votes
4 answers

Fake UserAgent visitor attack?

Not sure if I should report it here, but within my website I collect each request in DB, and from time to time view these records. Among data collected are user agent, requested url, referrer (i.e. previous) url, time, and others. Today I found a…
forsberg
  • 283
  • 3
  • 7
7
votes
4 answers

Staying safe, but still connected, at security conferences

If one is to spend some time away from home and work in a hotel environment where neighboring users can at least be presumed to be mischievous (if not actually malicious), what are some measures that can be taken to stay safe from said users while…
Iszi
  • 27,127
  • 18
  • 101
  • 163
7
votes
4 answers

Who sells IP reputation data sets?

I know of many companies that will sell ability to lookup IP/URI reputation. Be it DNSBL, json/*, returnpath, threatstop, surbl, ..., will let me perform lookups for a reasonable fee but, in case of this particular project, the lookup introduces…
Mike
  • 71
  • 3
7
votes
4 answers

Should I be concerned about a very slow dictionary attack?

I have installed fail2ban on my mail server, and the logs show 4-5 IPs regularly hitting my server at large intervals (so not often enough to trigger the fail2ban rules): 2017-10-04 06:29:04,705 fail2ban.filter [1091]: INFO [postfix-sasl]…
Mihai
  • 173
  • 4
5
votes
2 answers

How can my country's legal/telecoms environment protect against cold-callers conning a remote-access session to the victim's computer?

My local region in Australia is being targeted by a scam whereby victims are cold-called and told that their computer is sending 'errors' to caller at 'Windows' which should be fixed ASAP, and they are standing by to help out with a remote-access…
David Bullock
  • 542
  • 4
  • 10
4
votes
1 answer

Can format string exploit bypass the PaX protection?

I'm trying to find info regarding how format string exploit can bypass the PaX protection mechanism. As I understood PaX just features ASLR and NX protection. So I wonder if an attacker should use string format exploit to bypass PaX. Is it because…
starcorn
  • 143
  • 3
4
votes
3 answers

How dangerous is game guard?

Game guard is an anti-cheating application used with MMORPGs. I have read that such applications act as a rootkit over the PC. How dangerous is it to play MMORPGs that use this application? How could it be exploited (either by the company itself…
HSN
  • 1,218
  • 14
  • 23
4
votes
2 answers

Is there any way to secure old unpatched Linux server?

I have to maintain very old CentOS server (not patched since 2013) for a year, until new software is developed to replace it. It holds HTTP server, mail server and many custom build apps (author gone and forgotten long time ago) with terabytes of…
killgore
  • 43
  • 2
1
vote
1 answer

How to Prevent CSRF in Ruby on Rails

How can I prevent CSRF in Ruby on Rails programming? Is it possible to avoid overload on the application loading on net?
Hoopad
  • 11
  • 4
1
vote
4 answers

How can my .exe become infected?

I want to have a simple application that is in .exe (executable) format hosted on a secure domain that, on my website, a user can click to download and run. However, I'm aware that many annoying viruses are in the form of a harmless-looking…
1
vote
0 answers

Possible exploits for PHPword/ PHPexcel

I'm trying to identify what exploits to guard against when anonymous users generate reports with PHPword and PHPexcel (or similar libraries). Specifically, I'm worried about textarea inputs where the user can enter about half a page. The amount of…
Aman
  • 11
  • 3
1
vote
0 answers

How to prevent external magnet rotate a motor

A small DC motor working and moving a disc. When device/motor is powered off, a hacker with a strong magnet came and rotated the motor; without touching the motor, just moving the magnet near the motor is sufficient to cause the motor-nucleus to…
mutucy
  • 11
  • 1