Security

Threats

  • XSS
  • XSRF
  • Injection (e.g. SQL-Injection)
  • Attacks on Session / Cookies/ SessionIDs
  • Path Climbing
  • Session Hijacking
  • Hidden Field Manipulation

Links

Security – Agenda

  • Variable injection
  • SQL injection
  • Input filtering
  • Output escaping
  • Security by obscurity
  • Fix the rights
  • Configuration
  • Cookies and Sessions
  • Information Gathering
  • Threat Modelling

Comments