Lockdown environment

Overview
Communication with and between servers
Containers
Allow locked-down clients of end-users
Hosted repositories

Coding

Overview
Authentication
Use cache securely
File upload
Input validation
Javascript
Local file inclusion (LFI)
Output validation
Python
Arbitrary code execution
Remote file inclusion (RFI)
XSS mitigations

Libraries and frameworks

Overview
Javascript frameworks
npm
PyPI
Python frameworks

Protocols

Overview
Use TLS/SSL more securely

Databases

Overview
Access control
Input validation
Parameterised statements

API

Introduction
Real-time monitoring
Vulnerability scanning
Never trust user data
API testing tools

Security testing

Introduction
Code reviews
Configuration analyses
Database frangibility scanning
Architecture and design validation
Network vulnerability scanning
Web service scanning
Source code analysis
Web application vulnerability scanning

Securing web applications

Ty Myrddin Home
Unseen University
Improbability Blog
About
Contact

Never trust user data

Always assume that user data is malicious until it has been verified, and even then, be careful.

Previous Next

Unseen University, 2024, with a forest garden fostered by /ut7.