LII:Web Application Security Guide
From LIMSWiki
Jump to navigationJump to searchWeb Application Security Guide
Originally written by: Jan Schejbal and others
Transferred by: Shawn Douglas
Under the license: Creative Commons Attribution-ShareAlike 3.0 Unported
Table of contents
- Opening comments
- Checklist
- Miscellaneous points
- File inclusion and disclosure
- File upload vulnerabilities
- SQL injection
- Cross-site scripting (XSS)
- XML and internal data escaping
- XML, JSON and general API security
- (Un)trusted input
- Cross-site request forgery (CSRF)
- Clickjacking
- Insecure data transfer
- Session fixation
- Session stealing
- Truncation attacks, trimming attacks
- Password security
- Comparison issues
- PHP-specific issues
- Prefetching and spiders
- Special files
- SSL, TLS and HTTPS basics
- Further reading
- Authors