General Principles of Web Security

Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]

Principle 1: Defense in Depth ,[object Object],[object Object],[object Object],[object Object]

Example Configuration ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Principle 2: Start with the Minimum ,[object Object],[object Object],[object Object]

Example: Database Account ,[object Object],[object Object],[object Object]

Real Example: Alumni Database ,[object Object],[object Object]

Summary ,[object Object],[object Object]

Cross Site Scripting (XSS) ,[object Object],[object Object]

Just a Few Dangerous Tags ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Remote Content is Bad ,[object Object],[object Object]

Core Principles ,[object Object],[object Object],[object Object],[object Object],[object Object]

Validate Datetime: ASP.NET Example ,[object Object]

Encoding Output: PHP Sample ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Encoding Output: C# Code Sample ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Side note ,[object Object],[object Object]

General Recommendations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

The Importance of Coding Standards ,[object Object],[object Object],[object Object]

PHP Code Example ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommendations Continued ,[object Object],[object Object],[object Object]

Page Content Type Slide ,[object Object]

ASP.NET Recommendations ,[object Object],[object Object],[object Object],[object Object],[object Object]

Quick Steps to Fix Existing Code ,[object Object],[object Object],[object Object],[object Object]

SQL Injection ,[object Object]

[object Object],[object Object],Cool web app Database Cool web app Database

SQL Login Routine ,[object Object],[object Object],[object Object]

Why Dangerous? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Getting Access to the Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Continued ,[object Object],[object Object],[object Object],[object Object],[object Object]

Core Principle #1 ,[object Object],[object Object],[object Object],[object Object]

Principle 1: Constrain Input ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Core Principle #2 ,[object Object],[object Object],[object Object],[object Object]

Principle 2: Use an Escape Wrapper ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Principle 2: Use Parameter Replacement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Principle 2: Use Stored Procedures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Principle 3: Harden the Environment ,[object Object],[object Object],[object Object]

Other Considerations: Logging ,[object Object],[object Object],[object Object],[object Object]

SQL Injection Principles Summary ,[object Object],[object Object],[object Object]

Sources ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

General Principles of Web Security

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a General Principles of Web Security

Similar a General Principles of Web Security (20)

Último

Último (20)

General Principles of Web Security