User Ja1024 - Information Security Stack Exchange

77 votes

Accepted

Filter arbitrary code for blacklisted keywords except on commented lines

answered Jan 29, 2024 at 5:54

74 votes

Accepted

What stops a malicious user from hitting an endpoint with falsified data from the console of a webpage?

answered Mar 1, 2024 at 7:32

63 votes

Does the recommendation to use password managers also apply to corporate environments?

answered Jun 17, 2024 at 15:21

58 votes

Accepted

What prevents a browser from saving and tracking passwords entered to a site?

answered Aug 28, 2024 at 20:21

52 votes

Accepted

Can trusted timestamping be faked by altering some bytes within the document?

answered Jul 21, 2024 at 23:20

45 votes

Accepted

Is it secure to block passwords that are too similar to other employees' old passwords?

answered Sep 9, 2024 at 4:18

44 votes

Why don't we use HTML password inputfields for usernames and 2FA codes in the front-end of web applications?

answered Nov 14, 2024 at 14:28

43 votes

Accepted

Why "Only send non-temporary passwords over an encrypted connection or as encrypted data"?

answered Mar 23, 2025 at 0:19

43 votes

Accepted

What's the point of certificates in SSL/TLS?

answered Jun 11, 2023 at 18:16

43 votes

Accepted

Does public key cryptography provide any security advantages, or even just a different security model, over symmetric cryptography?

answered Jun 12, 2023 at 13:24

41 votes

Is it acceptable to ignore potential XSS payloads if they are not executed on our side?

answered Apr 15, 2025 at 22:10

40 votes

Accepted

What prevents applications from misusing private keys?

answered Aug 20, 2024 at 11:08

39 votes

Is SQL Injection possible if we're using only the IN keyword (no equals = operator) and we handle the single quote

answered Dec 16, 2024 at 13:21

39 votes

Web application contains a link to a non-existing domain, is this a vulnerability?

answered Mar 11, 2025 at 12:51

39 votes

Enabling a user to revert a hacked change in their email

answered May 31, 2023 at 11:03

38 votes

Accepted

How to deal with monitoring software on a personal PC used for work?

answered Jun 2, 2024 at 2:18

38 votes

Accepted

Why do best practices recommend against adding your own pepper to passwords before hashing?

answered Nov 2, 2024 at 5:30

33 votes

How to receive large files guaranteeing authenticity, integrity and sending time

answered Jul 18, 2024 at 0:10

33 votes

Accepted

How many possible MD5 hashes are there, 16³²? Or do MD5 checksums have error correction (in which case <16³² possible hashes)?

answered Jul 29, 2025 at 2:42

32 votes

Accepted

Should the generation method of password-reset-tokens be kept secret?

answered Jan 13, 2025 at 9:47

32 votes

Accepted

Are there any security concerns with this authentication flow?

answered Apr 8, 2025 at 1:20

31 votes

Accepted

Why are TOTP seeds rarely leaked in data breaches?

answered Feb 9, 2025 at 10:39

30 votes

Determining Entropy in PHP

answered Sep 16, 2024 at 11:04

30 votes

Securing Transactional Email: User Input Escaping for a email subject

answered Jul 25, 2024 at 14:59

30 votes

Accepted

Is my encryption format secure?

answered Aug 17, 2024 at 1:12

29 votes

Accepted

What are the preferred ways to exchange public keys physically?

answered Apr 24, 2025 at 17:28

28 votes

Accepted

Cryptographic strength of VeraCrypt

answered Apr 9, 2025 at 23:01

28 votes

Accepted

Why aren't passwords also hashed on client side on desktop applications?

answered Mar 24, 2025 at 6:42

27 votes

Accepted

Securely storing a password for matching against its substrings

answered Jan 10, 2025 at 18:53

27 votes

Security implications to removing delay on empty passwords?

answered Feb 25, 2025 at 14:41

Stack Exchange Network

688 Answers

Filter arbitrary code for blacklisted keywords except on commented lines

What stops a malicious user from hitting an endpoint with falsified data from the console of a webpage?

Does the recommendation to use password managers also apply to corporate environments?

What prevents a browser from saving and tracking passwords entered to a site?

Can trusted timestamping be faked by altering some bytes within the document?

Is it secure to block passwords that are too similar to other employees' old passwords?

Why don't we use HTML password inputfields for usernames and 2FA codes in the front-end of web applications?

Why "Only send non-temporary passwords over an encrypted connection or as encrypted data"?

What's the point of certificates in SSL/TLS?

Does public key cryptography provide any security advantages, or even just a different security model, over symmetric cryptography?

Is it acceptable to ignore potential XSS payloads if they are not executed on our side?

What prevents applications from misusing private keys?

Is SQL Injection possible if we're using only the IN keyword (no equals = operator) and we handle the single quote

Web application contains a link to a non-existing domain, is this a vulnerability?

Enabling a user to revert a hacked change in their email

How to deal with monitoring software on a personal PC used for work?

Why do best practices recommend against adding your own pepper to passwords before hashing?

How to receive large files guaranteeing authenticity, integrity and sending time

How many possible MD5 hashes are there, 16³²? Or do MD5 checksums have error correction (in which case <16³² possible hashes)?

Should the generation method of password-reset-tokens be kept secret?

Are there any security concerns with this authentication flow?

Why are TOTP seeds rarely leaked in data breaches?

Determining Entropy in PHP

Securing Transactional Email: User Input Escaping for a email subject

Is my encryption format secure?

What are the preferred ways to exchange public keys physically?

Cryptographic strength of VeraCrypt

Why aren't passwords also hashed on client side on desktop applications?

Securely storing a password for matching against its substrings

Security implications to removing delay on empty passwords?