University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > Protecting your website from hackers

Protecting your website from hackers

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Laurent Simon.

I will give a modified version of the talk we give our new engineers on how not to write security holes. This may be a little bit closer to Zend’s talk. I will talk more openly about some of our solutions to a variety of web security issues where an outside hacker is typically trying to get control of your website. Among other things, I will cover: a. XSS : XHP ; Alternatives to innerHTML in JavaScript; Automatic detection of XSS holes. b. SQL injection: Our abstracted graph data store (which avoids the need for SQL ); printf()-style SQL functions c. URL injection: Our URI class for building URLs d. Shell injection: Our printf()-style functions for running shell commands e. CSRF : Generating CSRF tokens and checking them automatically on all POST requests; The importance of a good crypto library f. Brute-force attacks: Also the importance of a good crypto library.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2014 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity