Security
Threats
- XSS
- XSRF
- Injection (e.g. SQL-Injection)
- Attacks on Session / Cookies / SessionIDs
- Path Climbing
- Session Hijacking
- Hidden Field Manipulation
Links
- PHP security manual
- http://www.modsecurity.org
- Top 25 Most Dangerous Programming Errors
- Web Application Exploits and Defenses
- OWASP Testing Guide
- Threat risk modelling
- https://openssf.org/resources/guides/
- https://cheatsheetseries.owasp.org/index.html
Security - Agenda
- Variable injection
- SQL injection
- Input filtering
- Output escaping
- Security by obscurity
- Fix the rights
- Configuration
- Cookies and Sessions
- Information Gathering
- Threat Modelling