Lockdown environment
Overview
Communication with and between servers
Containers
Allow locked-down clients of end-users
Hosted repositories
Coding
Overview
Authentication
Use cache securely
File upload
Input validation
JavaScript
Local file inclusion (LFI)
Output validation
Python
Arbitrary code execution
Remote file inclusion (RFI)
XSS mitigations
Libraries and frameworks
Overview
JavaScript frameworks
npm
PyPI
Python frameworks
Protocols
Overview
Use TLS/SSL more securely
Databases
Overview
Access control
Input validation
Parameterised statements
API
Introduction
Real-time monitoring
Vulnerability scanning
Never trust user data
API testing tools
Security testing
Introduction
Code reviews
Configuration analyses
Database frangibility scanning
Architecture and design validation
Network vulnerability scanning
Web service scanning
Source code analysis
Web application vulnerability scanning
Securing web applications
Access control