0x14 Web-Security 101
Published on 2021-04-16 17:00:00 +0000
Download: Opus, OGG Vorbis or MP3
Description
In this episode we talk about web security and explain the fundamental attacks, such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and SQL injection, along with their defenses. Enjoy listening!
Show notes
- RFC 2616 - Hypertext Transfer Protocol – HTTP/1.1
- Segfault.fm Episode 0x0f TLS
- Same-origin policy - Web security
- Paper: How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security
- Segfault.fm Episode 0x05 Android Hardening
- Segfault.fm Episode 0x11 Authentifizierung
- Register: Google (finally) adds protection for common Web 2.0 attack
- CSRF
- WordPress passwords, explained and cracked
- draft-west-cookie-incrementalism-00 - Incrementally Better Cookies
- OWASP Top Ten
- X-XSS-Protection
- X-Content-Type-Options
- X-Frame-Options
- Clickjacking - Wikipedia
- sqlmap
- xkcd: Exploits of a Mom
- SQLite3 Injection Cheat Sheet
- Content-Security-Policy Header ⟶ CSP Reference & Examples
- CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
- XSS Auditor - The Chromium Projects
- WP: Jon Postel
- WP: Robustness principle