0x14 Web-Security 101

Segfault.fm

Education


Description: In this episode we talk about web security and explain the fundamental attacks, such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and SQL injection, along with their defenses. Enjoy listening!

Shownotes:

RFC 2616 - Hypertext Transfer Protocol – HTTP/1.1
Segfault.fm Episode 0x0f TLS
TITLE Same-origin policy - Web security
Paper: How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security
Segfault.fm Episode 0x05 Android Hardening
Segfault.fm Episode 0x11 Authentifizierung
Register: Google (finally) adds protection for common Web 2.0 attack CSRF
WordPress passwords, explained and cracked
draft-west-cookie-incrementalism-00 - Incrementally Better Cookies
OWASP Top Ten
X-XSS-Protection
X-Content-Type-Options
X-Frame-Options
Clickjacking - Wikipedia
sqlmap
xkcd: Exploits of a Mom
SQLite3 Injection Cheat Sheet
Content-Security-Policy Header ⟶ CSP Reference & Examples
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
XSS Auditor - The Chromium Projects
WP: Jon Postel
WP: Robustness principle