Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Things I need to know about security

Jonathan Yeong
August 09, 2016
Technology
0
88

Things I need to know about security

Lightning talk given at the August RORO. Trying to give a basic overview of 3 security threats to your web application.

Jonathan Yeong

August 09, 2016
Tweet

More Decks by Jonathan Yeong

See All by Jonathan Yeong
Deep Dive into Elixir
jonoyeong
0
220

Other Decks in Technology

See All in Technology
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
310
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
2
520
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
いざ、BSC討伐の旅
nikinusu
2
780
Lambdaと地方とコミュニティ
miu_crescent
2
370
Engineer Career Talk
lycorp_recruit_jp
0
180
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
230
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k

Featured

See All Featured
Faster Mobile Websites
deanohume
305
30k
Visualization
eitanlees
145
15k
Site-Speed That Sticks
csswizardry
0
26
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Building Applications with DynamoDB
mza
90
6.1k
The Language of Interfaces
destraynor
154
24k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
RailsConf 2023
tenderlove
29
900

Transcript

  1. Things I need to know about Security We’re all doomed.

  2. SQL Injection Cross Site Scripting (XSS) Session Hijacking What and

    How?

  3. What Uses SQL as an input which will influence a

    database and cause the application to perform an unintended action. How Sanitize your inputs! SQL Injection Impact: Devastating Exploitability: Easy

  4. XKCD: Exploits of a mom. https://xkcd.com/327/ SQL Injection

  5. Cross Site Scripting (XSS) What A XSS attack occurs when

    malicious code is saved by the application and is then redisplayed without interference from security mechanisms. How Sanitize your outputs! Impact: Harmful Exploitability: Easy

  6. Cross Site Scripting (XSS)

  7. Session Hijacking Impact: Harmful Exploitability: Moderate What Session hijacking refers

    to the scenario where an attacker is able to impersonate a legitimate user, either by stealing their session identifier, or forging session information. [1] How Use HTTPS - enforce SSL for pages you don’t want a hacker to access. Set your cookies to secure and httponly.

  8. Thanks for listening! @jonoyeong http://jonathanyeong.com What are some other important

    security things we should know about?

  9. References [1] https://www.hacksplaining.com/glossary/sessions [2] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)