If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...
If you have a not-so-usual solution for your problems but need to justify it to your boss...
If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...
...then 'No Bugs' Hare on Soft.ware might be the right place for you.
Your mileage may vary. Batteries not included.

This category is dedicated to some thoughts which are based on original research.

While our research presented here is guaranteed to be original, we cannot guarantee that every post here is really novel (i.e. there is a chance that some of the things we’re speaking about here have been published before). In such a case, please drop us a line – we will provide a reference to the previous research.

Security Research, page 1:

Bot Fighting 201. Part 4. Obfuscating Protocols. Versioning.

Quote: “we can handle several Client versions (each with its own obfuscation) with the very same Server.”
Another Quote: “Then, if/when a zero-day bug is encountered in TLS – our obfuscation does provide additional protection even before the attacker can reach the code with that zero-day vulnerability”

Advocating “Obscurity Pockets” as a Complement to Security. Part II. Deployment Scenarios, More Crypto-Primitives, and Obscurity-Pocket-As-Security

Quote: “In other words – such an Obscured RNG would protect us from Debian RNG disaster(!)”
Another Quote: “such a protocol (if properly deployed on the Server Side) – would defeat Heartbleed too (even if all the details of the Client are known)”

Advocating “Obscurity Pockets” as a Complement to Security. Part I. Definition and Benefits.

Quote: “In a hypothetical world where attackers would need to create a unique attack script for each system attacked – such an economy would be a non-starter.”
Another Quote: “If all the people would be the same – pandemics such as Black Death would easily take the whole humankind down; it is diversity among humans which allowed us to survive.”

Client-Plus-Server Password Hashing as a Potential Way to Improve Security Against Brute Force Attacks without Overloading the Server

Abstract: Client-Side password hashing (in addition to existing server-side hashing) can improve resilience to brute-force attacks.
Quote: “Even if client-side is 10x slower than server-side, it leaves us with 10x improvement which is certainly a good thing to have”