Things I need to know about security

Transcript

1. Things I need to know about Security We’re all doomed.

2. SQL Injection Cross Site Scripting (XSS) Session Hijacking What and

   How?

3. What Uses SQL as an input which will influence a

   database and cause the application to perform an unintended action. How Sanitize your inputs! SQL Injection Impact: Devastating Exploitability: Easy

4. XKCD: Exploits of a mom. https://xkcd.com/327/ SQL Injection

5. Cross Site Scripting (XSS) What A XSS attack occurs when

   malicious code is saved by the application and is then redisplayed without interference from security mechanisms. How Sanitize your outputs! Impact: Harmful Exploitability: Easy

6. Cross Site Scripting (XSS)

7. Session Hijacking Impact: Harmful Exploitability: Moderate What Session hijacking refers

   to the scenario where an attacker is able to impersonate a legitimate user, either by stealing their session identifier, or forging session information. [1] How Use HTTPS - enforce SSL for pages you don’t want a hacker to access. Set your cookies to secure and httponly.

8. Thanks for listening! @jonoyeong http://jonathanyeong.com What are some other important

   security things we should know about?

9. References [1] https://www.hacksplaining.com/glossary/sessions [2] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)