Difference between revisions of "LII:Web Application Security Guide"
From LIMSWiki
Shawndouglas (talk | contribs) (Cats) |
Shawndouglas (talk | contribs) |
Line 31: | Line 31: | ||
<!---Place all category tags here--> | <!---Place all category tags here--> | ||
[[Category:Guides, white papers, and other publications]] | [[Category:LII:Guides, white papers, and other publications]] |
Latest revision as of 18:42, 9 February 2022
Web Application Security Guide
Originally written by: Jan Schejbal and others
Transferred by: Shawn Douglas
Under the license: Creative Commons Attribution-ShareAlike 3.0 Unported
Table of contents
- Opening comments
- Checklist
- Miscellaneous points
- File inclusion and disclosure
- File upload vulnerabilities
- SQL injection
- Cross-site scripting (XSS)
- XML and internal data escaping
- XML, JSON and general API security
- (Un)trusted input
- Cross-site request forgery (CSRF)
- Clickjacking
- Insecure data transfer
- Session fixation
- Session stealing
- Truncation attacks, trimming attacks
- Password security
- Comparison issues
- PHP-specific issues
- Prefetching and spiders
- Special files
- SSL, TLS and HTTPS basics
- Further reading
- Authors