<!--toc-->

## Introduction

Security is one of the major concerns in the development of web applications, because they are instantly exposed to a world that is full of potential attackers.

Writing web applications today is very similar to walking
over a minefield. If you don't have the proper tools and knowledge you are most likely going to lose a "virtual leg".
## State of Mind

There are several golden rules for writing secure web applications:

1. Never trust user input.
2. Think: "How can I attack my application?"
3. Learn the common vulnerabilities and the methods of preventing them, so that at least you do not repeat the mistakes others have made.

So when it comes to writing web applications, always remember that there *is* somebody who will actually try
to do something bad to your site, and you are lucky if you
discover it.

What is even more important: at some point you
_will_ make a mistake and your web site
_will_ be cracked, and you will have to work hard
to restore it. So keep backups, and even more important,
check that your [restore procedures](http://www.joelonsoftware.com/items/2009/12/14.html) actually work.
## SQL Injections

This is one of the most basic problems that every
web developer should be familiar with.

Have you ever written code like this?

    std::string query =
        "SELECT 1 FROM users "
        "WHERE username='" + username + "' AND "
        "password='" + password + "'";

    mysql_query(conn, query.c_str());
    ...

What is the problem?

Assume that the password value is

    ' OR ''='

Then the query would look like

    SELECT 1 FROM users
    WHERE username='user' AND
    password='' OR ''=''

Since `AND` binds tighter than `OR`, this reads as `(username='user' AND password='') OR (''='')`, and the second half is always true, so the query always returns 1...

So you get authenticated for knowing SQL `:-)` and not for
having the proper password (in fact, the username does not even have to exist).

If you have ever done this, you should not do any
web development until you have read this article:

[SQL Injection](http://en.wikipedia.org/wiki/SQL_injection)
How do you prevent SQL injections?

Use prepared statements. The [CppDB library](http://art-blog.no-ip.info/sql/cppdb/) provides all the tools you need.

Just rewrite the example above:

    sql << "SELECT 1 FROM users "
           "WHERE username=? AND password=?"
        << username << password;

Now the `?` placeholders are bound to the actual values by the database driver, so the values are never parsed as SQL: whatever `password` contains, quotes included, is compared literally.

The query text and the values are physically separated.
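The bypass and the fix described above, as an added example that is not code from the original page or from CppDB: a Python script using the standard-library `sqlite3` module as a stand-in for a real database, with a constructed one-row `users` table. `login_concatenated` mirrors the `std::string` concatenation and `login_prepared` mirrors the `?` binding; the attacker input is the `' OR ''='` value from the text. The example also goes one step beyond the text and shows that the concatenated version breaks on a legitimate password containing a quote, while the prepared version simply compares it.

```python
import sqlite3

# Attacker-controlled password from the article (constructed input).
ATTACK_PASSWORD = "' OR ''='"


def make_db():
    """In-memory database with a constructed sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('user', 'correct horse')")
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable: builds the SQL text out of user input, exactly like the
    std::string example. Returns True if the query yields a row."""
    query = ("SELECT 1 FROM users "
             "WHERE username='" + username + "' AND "
             "password='" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_prepared(conn, username, password):
    """Safe: the SQL text is fixed; the values are bound to the ? placeholders
    and are never parsed as SQL (the equivalent of the cppdb example)."""
    query = ("SELECT 1 FROM users "
             "WHERE username=? AND password=?")
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    """Run both variants against valid, hostile and quote-containing input."""
    conn = make_db()
    results = {
        "concat_valid": login_concatenated(conn, "user", "correct horse"),
        # Unknown user, injected password: the OR ''='' tail makes it true.
        "concat_attack": login_concatenated(conn, "nobody", ATTACK_PASSWORD),
        "prepared_valid": login_prepared(conn, "user", "correct horse"),
        # Same injected string, bound as a value: compared literally, no row.
        "prepared_attack": login_prepared(conn, "nobody", ATTACK_PASSWORD),
        # A legitimate value with a quote is just a wrong password here ...
        "prepared_quote": login_prepared(conn, "user", "it's"),
    }
    # ... but turns into malformed SQL when concatenated.
    try:
        login_concatenated(conn, "user", "it's")
        results["concat_quote"] = "ran"
    except sqlite3.OperationalError:
        results["concat_quote"] = "syntax error"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The `concat_attack` outcome is the authentication bypass from the text; `prepared_attack` shows the same input doing nothing once it is bound as a parameter. Note that a syntax error on legitimate input is also an injection symptom: if a quote in a password produces a database error instead of a failed login, the query text is being built from user input.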
## Sessions
## Cross Site Scripting (XSS)
## Style Sheets
## Cross Site Request Forgery (CSRF)
## Cryptographic Tools
## Character Set Considerations
## C and C++ Security
### General Notes
### Buffer Overflow
### Integer Overflow
### Dangling pointers
## What happens if we still fail?
## Links

- [Ruby On Rails Security Guide](http://guides.rubyonrails.org/security.html)
- [Open Web Application Security Project](https://www.owasp.org/index.php/Main_Page)
- [XSS Cheat Sheet](http://ha.ckers.org/xss.html)