Below are some tutorials on code security and on writing secure code that prevents exploits including form hijacking, SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, and Denial of Service attacks.
Videos on Security
- PHP Security Audit by Chris Shiflett - shows how to filter input and escape output
- Security issues with Superglobals and register_globals
Form Hijacking
- http://www.anders.com/projects/sysadmin/formPostHijacking/
- http://www.softswot.com/form-hijacking.php
SQL Injection
- Explanation of SQL injection
- SQL Injection information in Wikipedia
- SQL injection in PHP: the problem and solution
- Protecting against SQL Injection in ASP.NET
- Protecting Application from SQL Injection - ASP
- Using Stored Procedure to Prevent SQL Injection
- Prevent SQL Injection in PHP by filtering input and escaping output
- Storing Data Retrieved from a Form and Magic Quotes
- SQL injection and prevention by using mysql_real_escape_string()
Cross-Site Scripting (XSS)
- Cross site scripting on Wikipedia
- Greg Murray's Preventing Cross Site Scripting
- Chris Shiflett: Foiling Cross-Site Attacks
- CGISecurity XSS FAQ
- Microsoft info about Cross site scripting and cookies
Cross-Site Request Forgery (also known as sidejacking or XSRF)
Note: Wikipedia says "individual users can help protect their accounts at poorly designed sites by logging off the site before visiting another".
Denial of Service
Denial of Service attacks (also known as DoS) are attempts to bring servers to a halt by crafting requests to web applications in such a way that they work so hard the hardware is no longer able to handle the load.
- Wikipedia info on various types of Denial of Service attacks
- Introduction to Denial of Service Attacks