Tutorials on Code Security

Posted in Tutorials

Below are some tutorials on code security and how to write secured code to prevent hacker exploits which includes form hijacking, SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, and Denial of Service attacks.

Videos on Security

Security issues with Superglobals and register_globals

Form Hijacking

http://www.anders.com/projects/sysadmin/formPostHijacking/
http://www.softswot.com/form-hijacking.php

SQL Injection

Explanation of SQL injection
SQL Injection information in Wikipedia
Using Stored Procedure to Prevent SQL Injection
Prevent SQL Injection in PHP by filtering input and escaping output
Storing Data Retrieved from a Form and Magic Quotes
SQL injection and prevention by using mysql_real_escape_string()

Cross-Site Scripting (XSS)

Cross site scripting on Wikipedia
Greg Murray’s Preventing Cross Site Scripting
Chris Shiflett: Foiling Cross-Site Attacks
Microsoft info about Cross site scripting and cookies

Cross-Site Request Forgery (sidejacking or XSRF)

Cross-site request forgery on Wikipedia

Note: Wikipedia says “individual users can help protect their accounts at poorly designed sites by logging off the site before visiting another”.

Denial of Service

Denial of Service attacks (also known as DOS) are when hackers tries to bring servers to a halt by crafting requests to web applications in such a way as to make them work so hard that hardware is not able to handle the request.