0 votes, 0 answers, 5 views

How to fix Path Disclosure Vulnerability?

I have run a Qualys Web Application Scan for a customer website and found the "Path Disclosure Path-Based Vulnerability". If the normal URL is like this http://example.com/ When I go to the URL http:/...
0 votes, 0 answers, 4 views

Using OWASP Top 10 for assigning vulnerability severity in a security assessment

In my research, I aim to prioritize vulnerability patching for web applications. Since web application vulnerabilities do not have severity scores assigned as is done for vulnerabilities (CVEs are ...
1 vote, 0 answers, 11 views

Security and Veracrypt

I have a few questions about Security and Veracrypt and hope you can clarify it for me. I don't want the VeraCrypt hidden volume I created to be damaged. If I mount the hidden volume and transfer ...
0 votes, 1 answer, 10 views

What drives security controls in cloud models: Business requirements? Or SLAs?

I'm preparing for the CCSP exam and another test question is throwing me off. The question reads: In all cloud models, security controls are driven by which of the following: A. ...
0 votes, 0 answers, 5 views

Does a SOC 2 SSAE report not come with a “seal of approval” from a certified auditor?

I'm studying for the CCSP exam and I'm confused with a test prep question in my study materials. The question reads: "Which kind of SSAE report comes with a seal of approval from a certified ...
0 votes, 1 answer, 32 views

WiFi Privacy Question?

I logged into a WiFi network on my MacBook at my friend's work today. She logged me in since I could only use the guest WiFi. However, her work's WiFi network under "802.1X" when I open AirPort. When ...
8 votes, 2 answers, 443 views

4-dial combination padlock: Is it more secure to zero it out or to blindly spin the dials after locking?

I am partially responsible for some resources protected by a 4-dial combination lock like this one: There are two things that people will usually do after they've locked it: reset all the digits to ...
1 vote, 0 answers, 25 views

How do security experts benefit from reverse-engineering?

How can reverse engineering (RE) help a security expert? I've participated in CTF challenges and I have seen RE as an important part of CTFs. Can anyone explain or show me a real scenario that shows ...
0 votes, 0 answers, 16 views

Unable to run Metasploit scripts on a MySQL server for authorized penetration testing

I am taking a course in penetration testing and I was provided with a virtual environment to pen test. I was provided with a VPN for my CC server and I am able to ping the host which was found to run ...
0 votes, 0 answers, 18 views

Visual Studio anonymity

Recently my colleague and I were wondering about obfuscating / removing project info. If an application is reverse engineered, then what kind of information does the engineer see? Can he see the email of the ...
0 votes, 1 answer, 24 views

How to tell if a “PGP PRIVATE KEY BLOCK” is passphrase protected?

I've used gpg4win's Kleopatra tool to create an OpenPGP RSA personal certificate. I want to export the private key for several reasons (import it on another machine, as well as backing it up in ...
1 vote, 1 answer, 22 views

Must all SSL certificates for a domain be trusted?

I've read that it's possible to have multiple certificates on one domain. My question is whether all these certificates should be trusted and valid or whether one valid trusted certificate is enough ...
1 vote, 1 answer, 25 views

Should I allow or block wireless devices from directly communicating with each other on my LAN AP?

The question I'm asking is, like all security, a bit open-ended, and ultimately - like all security - it involves a personal balance between ease/usability vs. risk/security: Should I let users' ...
-3 votes, 0 answers, 15 views

How to prevent reflected XSS in an ASP.NET application

X-XSS-Protection: 1; mode block not working against reflected XSS. In an ASP.NET application the Microsoft report viewer response/request is vulnerable like ApplicationName/Reserved....
1 vote, 1 answer, 30 views

Is the HSTS header of any use without a recognized certificate?

The application I'm working on is accessible only via IP address, so HTTPS connection is provided via a custom-signed certificate. I explained to my client that (from MDN docs) [...] when your ...