What topics can I ask about here?

IT Security Stack Exchange is for Information Security professionals to discuss protecting assets from threats and vulnerabilities. Topics include, but are not limited to:

  • web app hardening
  • network security
  • social engineering, including phishing
  • risk management
  • policies
  • penetration testing
  • security tools
  • using cryptography
  • incident response
  • physically securing the office, datacentre, information assets etc.

Should I ask my question on another site?

As there are many sites in the Stack Exchange network, some questions that are only loosely security-related may be a better fit on a different site. If you're still unsure if you should ask your question on Information Security Stack Exchange, feel free to ask in our chat or on our meta site.

Below is a list of common question topics that may be a better fit for other sites. Before you post on another site, please read the particular site's help center to ensure your question is appropriate for that site.

  • Programming:
    • If your question is about using a cryptographic/security library or programming interface, you may ask it on Stack Overflow. The same applies if you need assistance implementing or debugging a particular piece of code.
    • If you are looking for someone to review your code, ask on Code Review.
  • Cryptography:
    • Questions regarding your organization's cryptographic policy and practical usage of said crypto may be on topic here.
    • Questions about using cryptographic-related software (e.g. GPG) may be a better fit for Super User.
    • Questions regarding the internals of cryptography may be more appropriate on Cryptography.
    • Questions about specific cryptocurrencies may be best answered on their respective sites: Bitcoin, Ethereum, Monero, Iota, or Stellar.
  • Using or configuring software/hardware:
    • Questions or issues with configuring servers to use security-related features may be better served at Server Fault; e.g. setting up a VPN server or installing TLS certificates for a web server.
    • Questions with a non-security nature about usage of end-user tools/systems may belong on Super User or Unix & Linux as appropriate.
  • Recommendations: Software/library recommendations may be asked about at Software Recommendations.
  • Reverse Engineering: Questions about reverse engineering a system may be asked on Reverse Engineering.
  • Laws: Questions regarding the legality of various information security practices may be asked at Law.

What background should I give in my question?

Security is a very contextual topic: threats that are deemed important in your environment may be inconsequential in somebody else's, and vice versa. Are you trying to protect something of global value against Advanced Persistent Threats? Or are you looking for a cost-effective approach for a low-profile small business? To get the most helpful answers you should tell us:

  • what assets you are trying to protect
  • who uses the asset you're trying to protect, and who you think might want to abuse it (and why)
  • what steps you've already taken to protect that asset
  • what risks you think you still need to mitigate

Be Specific - A question that is too open may fail to get the answers you want. Further specific information on the context helps:

  • Web app or desktop?
  • Employees or general public?
  • Windows/Linux, Python/Java, Europe/Singapore, etc?
  • a summary of your threat model, or risk profile, if you've already created one?

The best answer may be wildly different depending on the above. Providing this information will also help you organize your own thoughts about your security issues.

Chat in the DMZ - some questions will inspire discussion - these are best asked in the DMZ.

Laws - Answers on laws, regulations and licencing should not be taken as legally binding - we're security professionals, so we deal with legal issues, but this site is not a law site.

Mistakes - Sometimes an answer may be voted up highly despite being wrong. Downvote and comment as usual, but if it doesn't get resolved through voting, you can flag it.

For more help, see "What types of questions should I avoid asking?"

Please look around to see if your question has been asked before. It’s also OK to ask and answer your own question.

If your question is not specifically on-topic for Information Security Stack Exchange, it may be on topic for another Stack Exchange site. If no site currently exists that will accept your question, you may commit to or propose a new site at Area 51, the place where new Stack Exchange communities are democratically created.