Things I need to know about security

Lightning talk given at the August RORO. Trying to give a basic overview of 3 security threats to your web application.

Jonathan Yeong

August 09, 2016

  1. Things I need to know about Security. We’re all doomed.

  2. SQL Injection. Cross Site Scripting (XSS). Session Hijacking. What and

  3. SQL Injection
     What: Uses SQL as an input which will influence a database and cause the application to perform an unintended action.
     How: Sanitize your inputs!
     Impact: Devastating. Exploitability: Easy.

  4. SQL Injection. XKCD: Exploits of a mom. https://xkcd.com/327/
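The "sanitize your inputs" advice on slide 3 is really "bind your inputs": the value must reach the database as a literal, never as SQL text. This added Ruby example (not from the talk) contrasts string interpolation with a `?` placeholder binder whose quoting mirrors what a database adapter does for ActiveRecord's `where("name = ?", name)`. The helper names, the `students` table, and the use of the xkcd 327 string as sample input are assumptions for this example.

```ruby
# Added example (not from the talk): why binding beats interpolation.

# Quote one bound value the way SQL expects: strings in single quotes with
# embedded quotes doubled, nil as NULL, numbers as-is.
def sql_quote(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Replace each `?` placeholder with its quoted bind. A count mismatch raises so
# a missing or extra argument cannot silently shift values across columns.
# (Like most adapters, this treats every `?` in the template as a placeholder.)
def bind_sql(template, *binds)
  placeholders = template.count("?")
  unless placeholders == binds.size
    raise ArgumentError, "expected #{placeholders} binds, got #{binds.size}"
  end
  template.gsub("?") { sql_quote(binds.shift) }
end

# Vulnerable pattern: the input is pasted into the statement, so a quote in
# the input closes the literal and whatever follows is parsed as SQL.
def unsafe_lookup(name)
  "SELECT * FROM students WHERE name = '#{name}'"
end

# Hardened pattern: the input can only ever be a string literal.
def safe_lookup(name)
  bind_sql("SELECT * FROM students WHERE name = ?", name)
end

# Count statements roughly as a database would: semicolons outside quotes.
def statement_count(sql)
  in_string = false
  count = 1
  sql.each_char do |c|
    in_string = !in_string if c == "'"
    count += 1 if c == ";" && !in_string
  end
  count
end

if __FILE__ == $PROGRAM_NAME
  payload = "Robert'); DROP TABLE Students;--" # constructed, from xkcd 327
  puts unsafe_lookup(payload)  # three statements as the database sees it
  puts safe_lookup(payload)    # one statement; the payload is inert text
end
```

In a Rails app the equivalent is `Student.where("name = ?", name)` or the hash form `Student.where(name: name)`; the thing to grep for in review is any `where("... #{...}")` or `find_by_sql` built with interpolation.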

  5. Cross Site Scripting (XSS)
     What: An XSS attack occurs when malicious code is saved by the application and is then redisplayed without interference from security mechanisms.
     How: Sanitize your outputs!
     Impact: Harmful. Exploitability: Easy.

  6. Cross Site Scripting (XSS)
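"Sanitize your outputs" means escaping at render time, not trusting what was stored. This added Ruby example (not from the talk) renders a stored comment twice with the standard library's ERB: once raw, once through `ERB::Util.html_escape`. Rails' ERB applies the escaped form automatically for `<%= %>`; plain stdlib ERB does not, which is why the call is explicit here. The method names and the sample comment are assumptions for this example.

```ruby
# Added example (not from the talk): stored XSS and output escaping with stdlib ERB.
require "erb"

# Vulnerable: the template trusts the stored value and inserts it as markup.
def render_unsafe(comment)
  ERB.new("<p class=\"comment\"><%= comment %></p>").result(binding)
end

# Hardened: escape at output time so the browser shows tags as text.
# html_escape rewrites & < > " and ' into entities.
def render_safe(comment)
  escaped = ERB::Util.html_escape(comment)
  ERB.new("<p class=\"comment\"><%= escaped %></p>").result(binding)
end

# Quick check a test suite can run over rendered pages: does any <script>
# element survive in the output for a given stored value?
def script_leaks?(html)
  html.match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stored comment. A real payload would typically read
  # document.cookie, which is how XSS feeds session hijacking.
  stored = "Nice post! <script>alert('xss')</script>"
  puts render_unsafe(stored) # script tag reaches the browser intact
  puts render_safe(stored)   # rendered as &lt;script&gt;... text
end
```

In Rails the escaping is lost again the moment a value is marked `html_safe` or rendered with `raw`, so those two calls are the ones to review whenever user-supplied content is involved.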

  7. Session Hijacking
     What: Session hijacking refers to the scenario where an attacker is able to impersonate a legitimate user, either by stealing their session identifier, or forging session information. [1]
     How: Use HTTPS - enforce SSL for pages you don’t want a hacker to access. Set your cookies to secure and httponly.
     Impact: Harmful. Exploitability: Moderate.

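The two cookie flags on slide 7 are easy to state and easy to forget on one cookie out of several. This added Ruby example (not from the talk) builds a session `Set-Cookie` header with those flags and audits a list of response headers for cookies that lack them. In Rails the same outcome comes from `config.force_ssl = true` plus the `secure:` and `httponly:` options on the session store; the helper names and sample headers here are assumptions for this example.

```ruby
# Added example (not from the talk): emitting and auditing session cookie flags.

REQUIRED_FLAGS = %w[Secure HttpOnly].freeze

# Set-Cookie value for a session id. Secure keeps it off plain HTTP, HttpOnly
# keeps it away from script, SameSite=Lax stops most cross-site sends (CSRF).
def session_cookie(name, id, max_age: 3600)
  "#{name}=#{id}; Path=/; Max-Age=#{max_age}; Secure; HttpOnly; SameSite=Lax"
end

# Split a Set-Cookie value into its name, value and lower-cased attribute names.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  flags = attrs.map { |a| a.split("=", 2).first.downcase }
  { name: name, value: value, flags: flags }
end

# Names of the required flags a header lacks; empty when the cookie is fine.
def missing_cookie_flags(header)
  present = parse_set_cookie(header)[:flags]
  REQUIRED_FLAGS.reject { |f| present.include?(f.downcase) }
end

# Audit every Set-Cookie line of a response. Returns {cookie_name => [missing]}
# for the offenders only, so an empty hash means all cookies pass.
def audit_cookies(headers)
  headers.each_with_object({}) do |h, out|
    missing = missing_cookie_flags(h)
    out[parse_set_cookie(h)[:name]] = missing unless missing.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed response headers: one cookie set correctly, one not.
  sample = [
    session_cookie("_app_session", "abc123"),
    "remember_me=xyz; Path=/; Max-Age=2592000"
  ]
  p audit_cookies(sample) # => {"remember_me"=>["Secure", "HttpOnly"]}
end
```

A check like `audit_cookies` is cheap to run in an integration test against the app's real responses, which catches the case where the session cookie is right but a remember-me or flash cookie added later is not.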
  8. Thanks for listening! @jonoyeong http://jonathanyeong.com
     What are some other important security things we should know about?

  9. References
     [1] https://www.hacksplaining.com/glossary/sessions
     [2] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)