LII:Web Application Security Guide

From LIMSWiki

Jump to navigation Jump to search

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Web Application Security Guide

Originally written by: Jan Schejbal and others
Transferred by: Shawn Douglas
Under the license: Creative Commons Attribution-ShareAlike 3.0 Unported

Table of contents

Opening comments

Miscellaneous points

File inclusion and disclosure

File upload vulnerabilities

Cross-site scripting (XSS)

XML and internal data escaping

XML, JSON and general API security

(Un)trusted input

Cross-site request forgery (CSRF)

Insecure data transfer

Session fixation

Session stealing

Truncation attacks, trimming attacks

Password security

Comparison issues

PHP-specific issues

Prefetching and spiders

SSL, TLS and HTTPS basics

Further reading

Retrieved from "https://www.limswiki.org/index.php?title=LII:Web_Application_Security_Guide&oldid=46209"

LII:Guides, white papers, and other publications

Navigation menu