Web Programming Step by Step

Lecture 26
Web Security

Except where otherwise noted, the contents of this presentation are Copyright 2009 Marty Stepp, Jessica Miller, and Kevin Wallace.


1. The "security mindset"

CSE <= 190M

group hug

The real world

orcs (dorks?)

2. Some basic web attacks

HTML injection

a flaw where a user is able to inject arbitrary HTML content into your page

Securing against HTML injection

SQL injection

a flaw where the user is able to inject arbitrary SQL commands into your query

Securing against SQL injection

bobby tables xkcd comic
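The two flaws above, each shown next to its secured form, as an added example that is not part of the lecture slides. It uses Python's `sqlite3` and `html.escape` with a constructed in-memory `users` table; the function names and sample data are assumptions made for the illustration.

```python
# Added example (not from the lecture): HTML injection and SQL injection,
# each in a vulnerable and a secured form, using the standard library only.
import html
import sqlite3

# Constructed sample data standing in for a site's user table.
SAMPLE_USERS = ["alice", "bob", "carol"]


def make_db():
    """Build a throwaway in-memory database holding SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(u,) for u in SAMPLE_USERS])
    return conn


def find_user_unsafe(conn, name):
    # Vulnerable: user input is pasted into the SQL text, so a quote in
    # `name` ends the string literal and the rest becomes query structure.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    # Secured: a bound parameter is always treated as data, never as SQL,
    # so the same input simply matches no row.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def render_comment_unsafe(comment):
    # Vulnerable: user text is placed directly into the page markup,
    # so any tags it contains are parsed by the browser.
    return "<p>" + comment + "</p>"


def render_comment_safe(comment):
    # Secured: escape &, <, >, " and ' so the text is displayed, not parsed.
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "nobody' OR '1'='1"          # constructed input with a stray quote
    print(find_user_unsafe(db, probe))   # every user leaks out
    print(find_user_safe(db, probe))     # no user named that: []
    print(render_comment_unsafe("<b>hi</b>"))  # tag reaches the browser
    print(render_comment_safe("<b>hi</b>"))    # tag shown as literal text
```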

3. Breaking and securing an example page

Practice problem: Hack Marty's turnin