Mass Assignment - Security Part 10
NB: This is the tenth post in a series of posts on web application security. “Mass assignment”? That’s a Rails thing! GitHub was the recent, »
Intermission
I sincerely hope to start the Advanced section of the security series tomorrow or Wednesday, but it’s been a full and hectic weekend and I »
Stay Up to Date - Basic Security Part 9
NB: This is the ninth post in a series of posts on web application security. Rounding out this week is the last, but perhaps most important »
Click-Jacking and a little Phishing - Basic Security Part 8
NB: This is the eighth post in a series of posts on web application security. Click-jacking is a process of “stealing” clicks on your site, redirecting »
Server Configuration - Basic Security Part 7
NB: This is the seventh post in a series of posts on web application security. Configuring a server correctly is both 1) hard and 2) critical. »
Session Fixation and Hijacking - Basic Security Part 6
NB: This is the sixth post in a series of posts on web application security. Don’t put session IDs in the URL. Django explicitly does »
Access Control - Basic Security Part 5
NB: This is the fifth post in a series of posts on web application security. Proper access control is an absolutely key part of web app »
Injections, SQL and otherwise - Basic Security Part 4
NB: This is the fourth post in a series of posts on web application security. SQL Injection SQL injection is a vector that lets a user »
CSRF: Cross-Site Request Forgeries - Basic Security Part 3
NB: This is the third post in a series of posts on web application security. The quintessential example of a CSRF (sometimes pronounced “sea-surf”) is a »
XSS: Cross-Site Scripting - Basic Security Part 2
NB: This is the second post in a series of posts on web application security. XSS covers a number of various attacks, but the common thread »