Slide 1

Things I need to know about Security
We’re all doomed.

Slide 2

What and How?
SQL Injection
Cross Site Scripting (XSS)
Session Hijacking

Slide 3

SQL Injection
Impact: Devastating
Exploitability: Easy
What: Uses SQL as an input which will influence a database and cause the application to perform an unintended action.
How: Sanitize your inputs!
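The slide's "what" and "how" side by side, as an added example that is not part of the original deck: a lookup built by string formatting lets a quoted input change the query's structure, while the parameterized version sends the value out of band so the same input is matched literally and returns nothing. The table, rows and tampered input are constructed for the demo; sqlite3 is the Python standard library driver.

```python
import sqlite3


def make_db():
    # Constructed demo table (not from the slides): three users, one admin.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable: the untrusted value is spliced into the SQL text, so a
    # single quote in it ends the literal and the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Fixed: a bound parameter is always treated as data, never as SQL.
    # This is what "sanitize your inputs" should mean in practice.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    conn = make_db()
    tampered = "x' OR '1'='1"  # constructed: closes the literal, adds a tautology
    return {
        "unsafe_normal": lookup_unsafe(conn, "bob"),
        "unsafe_tampered": lookup_unsafe(conn, tampered),  # every row leaks
        "safe_tampered": lookup_safe(conn, tampered),  # no user has that name
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

Running it shows the unsafe lookup returning all three rows for the tampered input while the parameterized lookup returns an empty list; escaping quotes by hand is not a substitute for the bound parameter.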

Slide 4

SQL Injection
XKCD: Exploits of a mom. https://xkcd.com/327/

Slide 5

Cross Site Scripting (XSS)
Impact: Harmful
Exploitability: Easy
What: An XSS attack occurs when malicious code is saved by the application and is then redisplayed without interference from security mechanisms.
How: Sanitize your outputs!
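Stored XSS as the slide describes it, as an added example that is not from the original deck: the application saves user comments and later redisplays them. Rendering the stored text verbatim turns a tag in a comment into live markup; encoding each comment for the HTML text context at output time (the slide's "sanitize your outputs") keeps it as visible text. The comment list is constructed, and `html.escape` is the standard library encoder for this context.

```python
import html

# Constructed stored comments (not from the slides). The second one carries a
# harmless canary tag of the kind used to confirm an XSS flaw exists.
COMMENTS = [
    "Great talk!",
    "<script>alert('xss')</script>",
]


def render_unsafe(comments):
    # Vulnerable: stored text is placed into the page as-is, so any markup
    # the user saved is parsed by the browser as part of the page.
    return "<ul>" + "".join("<li>%s</li>" % c for c in comments) + "</ul>"


def render_safe(comments):
    # Fixed: encode for the HTML text context where the value is displayed.
    # '<' becomes '&lt;', quotes become entities, so the browser shows the
    # characters instead of interpreting them.
    return "<ul>" + "".join(
        "<li>%s</li>" % html.escape(c, quote=True) for c in comments
    ) + "</ul>"


def contains_live_script(page):
    # Detection helper: does the rendered page still contain an unencoded
    # script tag that the browser would execute?
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_unsafe(COMMENTS))
    print(render_safe(COMMENTS))
```

Encoding belongs at the point of output because the right encoder depends on where the value lands (HTML text, an attribute, a URL, a JavaScript string); escaping once on input cannot know the eventual context.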

Slide 6

Cross Site Scripting (XSS)

Slide 7

Session Hijacking
Impact: Harmful
Exploitability: Moderate
What: Session hijacking refers to the scenario where an attacker is able to impersonate a legitimate user, either by stealing their session identifier, or forging session information. [1]
How: Use HTTPS - enforce SSL for pages you don’t want a hacker to access. Set your cookies to Secure and HttpOnly.
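The two cookie flags the slide recommends, as an added example that is not part of the original deck: `Secure` stops the browser sending the session cookie over plain HTTP, and `HttpOnly` keeps it out of reach of page scripts (which also blunts the XSS case above). The builder uses the standard library `http.cookies`; the audit function checks a `Set-Cookie` header for the two flags so a missing one can be caught in a test or a response-header review. The cookie name and session id are constructed.

```python
from http.cookies import SimpleCookie


def build_session_cookie(session_id):
    # Emit a Set-Cookie header with both protections the slide calls for.
    # Cookie name and value are constructed for the demo.
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["path"] = "/"
    c["session"]["secure"] = True    # only sent over HTTPS
    c["session"]["httponly"] = True  # not readable via document.cookie
    return c["session"].output(header="Set-Cookie:")


def audit_set_cookie(header):
    # Return the list of protections missing from a Set-Cookie header.
    # Attribute names are matched case-insensitively, as browsers do.
    body = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in body.split(";") if p.strip()]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}  # parts[0] is name=value
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    return missing


# Constructed weak header, the kind a framework emits when neither flag is set.
WEAK_HEADER = "Set-Cookie: session=abc123; Path=/"

if __name__ == "__main__":
    good = build_session_cookie("abc123")
    print(good)
    print("weak header missing:", audit_set_cookie(WEAK_HEADER))
    print("hardened header missing:", audit_set_cookie(good))
```

The flags protect the cookie in transit and from scripts; they do not replace the HTTPS enforcement the slide puts first, since a session id sent once over plain HTTP before the flag was set is already exposed.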

Slide 8

Thanks for listening!
@jonoyeong
http://jonathanyeong.com
What are some other important security things we should know about?

Slide 9

References
[1] https://www.hacksplaining.com/glossary/sessions
[2] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)