Security
Threats
- XSS[link1]
- XSRF
- Injection (e.g. SQL-Injection)
- Attacks on Session / Cookies / SessionIDs
- Path Climbing
- Session Hijacking
- Hidden Field Manipulation
Links
- PHP security manual[link2]
- http://www.modsecurity.org
- Top 25 Most Dangerous Programming Errors[link3]
- Web Application Exploits and Defenses[link4]
- OWASP Testing Guide[link5]
- Threat risk modelling[link6]
- https://openssf.org/resources/guides/
- https://cheatsheetseries.owasp.org/index.html
Security - Agenda
- Variable injection
- SQL injection
- Input filtering
- Output escaping
- Security by obscurity
- Fix the rights
- Configuration
- Cookies and Sessions[link7]
- Information Gathering
- Threat Modelling
- [link1] https://wackowiki.org/doc/Dev/Guidelines/Security/XSS
- [link2] http://www.php.net/manual/en/security.php
- [link3] http://cwe.mitre.org/top25/
- [link4] http://google-gruyere.appspot.com/
- [link5] https://www.owasp.org/index.php/OWASP_Testing_Project
- [link6] https://www.owasp.org/index.php/Threat_Risk_Modeling
- [link7] https://wackowiki.org/doc/Dev/Guidelines/Session