Tutorials on Code Security
Below are some tutorials on code security and how to write secured code to prevent hacker exploits which includes form hijacking, SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, and Denial of Service attacks.
Videos on Security
- Explanation of SQL injection
- SQL Injection information in Wikipedia
- Using Stored Procedure to Prevent SQL Injection
- Prevent SQL Injection in PHP by filtering input and escaping output
- Storing Data Retrieved from a Form and Magic Quotes
- SQL injection and prevention by using mysql_real_escape_string()
Cross-Site Scripting (XSS)
- Cross site scripting on Wikipedia
- Greg Murray’s Preventing Cross Site Scripting
- Chris Shiflett: Foiling Cross-Site Attacks
- Microsoft info about Cross site scripting and cookies
Cross-Site Request Forgery (sidejacking or XSRF)
Note: Wikipedia says “individual users can help protect their accounts at poorly designed sites by logging off the site before visiting another”.
Denial of Service
Denial of Service attacks (also known as DOS) are when hackers tries to bring servers to a halt by crafting requests to web applications in such a way as to make them work so hard that hardware is not able to handle the request.