Created by Hugh Davenport / @haquaman / hugh@davenport.net.nz
Security is the art of exploiting vulnerabilities in code to produce an outcome other than the one intended, which can be used for malicious purposes.
My own definition
Vulnerabilities can present in a variety of forms, and are basically the lack of code checking for "edge" cases. These edge cases are what allow the vulnerability to be exploited.
ESCAPE/FILTER USER INPUT
OWASP is a project that helps identify common vulnerabilities, and how to fix them.
Every few years, OWASP releases a "top 10" list of vulnerabilities.
The most common injection is SQL injection, but it can also be LDAP, command, XPath, etc.
Cookies: set the httpOnly and secure flags, only store a session key, and change the session key on a privilege escalation.
Passwords, PLEASE PLEASE HASH THEM!!!
FUN!! And really common: user input inserted into HTML and executed as-is. Protect with escaping, and other techniques like Content Security Policy (CSP). Limit exposure by correct cookie management.
Don't have a public /uploads or similar folder, and instead have a script that validates that a user is allowed to access a certain object.
Make sure you follow <ahem> documentation, and make sure you follow it right.
ERROR LOGGING DOES NOT BELONG IN PRODUCTION!!
Ensure that users have the appropriate level of authorisation before showing content.
This is where you "entice" a different user (usually one with a higher/different level of authorisation) to perform an action on your behalf.
Disable GET methods for actions that change content, and make use of "tokens".
Upgrade things, read security releases, understand how you are using libraries.
If you have a function that redirects based on some URL parameter, make sure it still goes to your own site...
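One way to make that check, as an added Python example that is not part of the original talk (the allowed host names are an assumed stand-in for your own site). It rejects the common ways a "relative" redirect parameter can still leave the site: protocol-relative `//host`, backslash variants that browsers treat as slashes, non-http schemes, and `user@host` tricks in the authority.

```python
from urllib.parse import urlsplit

# Assumption: these are the host names that belong to our own site.
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` will land on one of our own hosts."""
    if not target:
        return False
    # Browsers treat "\" as "/", so "\\evil.example" is really "//evil.example".
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)

    if not parts.scheme and not parts.netloc:
        # Site-relative path: allow exactly one leading slash.
        # "//host" or "///host" are protocol-relative and leave the site.
        return normalised.startswith("/") and not normalised.startswith("//")

    # Absolute URL: only http(s), and the host must match exactly.
    if parts.scheme.lower() not in ("http", "https"):
        return False
    if "@" not in parts.netloc and parts.hostname is not None:
        return parts.hostname.lower() in allowed_hosts
    # "https://www.example.com@evil.example/" parses with hostname evil.example;
    # reject any userinfo rather than reasoning about it.
    return False


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS, fallback: str = "/") -> str:
    """Use the requested target if it is on-site, otherwise fall back to our own root."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, the kind a ?next= parameter might carry.
    for candidate in ["/account", "//evil.example/", "\\\\evil.example",
                      "https://www.example.com/home", "https://www.example.com@evil.example/",
                      "https://www.example.com.evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:50} -> {safe_redirect_target(candidate)}")
```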
Go to Mike Haworth's talk, you'll like it ;)