Slides from my talk at MageTitansIT in Milan on Feb 5th 2015.
How not to suck at data validation and output encoding
Security is an important aspect of web application development. In this talk we’ll have a look at the most common web application vulnerabilities and what you as a developer can do to prevent them. We’ll have a look at methods and ways Magento 1 and 2 provide to increase security.
2. Anna Völkl / @rescueAnn
Hi, I'm Anna. http://anna.voelkl.at
I'm a Magento Certified Developer.
5 years Magento, Java/PHP since 2004
I love IT & Telecommunication and IT & Information Security.
I work at LimeSoda. E-Commerce Agency in Vienna/AT
4. academic titles?!
9. Stop „Last Minute Security“
● The anti-pattern: do the coding, then spend the last X hours on „making it secure“
● Secure coding doesn't really take longer
● Data quality, software quality and security depend on each other
● Always keep security in mind
13. Frontend input validation
● User experience
● Stop unwanted input when it occurs
● Do not bother your server with crazy input
● Only store what you expect. Don't fill up your database with garbage.
● Frontend validation can be bypassed (disable JavaScript, replay the request), so it never replaces server-side validation.
39.
● Weird customers and customer data were removed
● Frontend validation added
  • A dropdown (whitelist) would have been an option too
● Server-side validation added
● Output escaped
40. Summary
Think, act and design your software responsibly:
1) UTF-8 all the way
2) Client side validation, filter input
3) Server side validation
4) Data storage (database column size,...)
5) Escape output
6) Run tests
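The steps above (and the fix on slide 39) in one piece of working code, as an added example that is not part of the slides or of Magento itself: a customer "city" / "country" form field is rendered with browser-side limits (slide 13), validated server-side against a length that matches the database column and a whitelist (steps 3 and 4), and escaped on output (step 5). Plain PHP is assumed, with no Magento classes; the country whitelist, the 100-character column size and the sample inputs are constructed for the example.

```php
<?php
// Added example, not code from the talk or from Magento.
// Assumptions: plain PHP >= 7, input arrives from an HTML form ($_POST-like array).
declare(strict_types=1);

mb_internal_encoding('UTF-8');

// Constructed whitelist of allowed country codes (slide 39: a dropdown/whitelist).
const ALLOWED_COUNTRIES = ['AT', 'DE', 'CH', 'IT'];
// Must match the database column size (summary step 4), e.g. VARCHAR(100).
const CITY_MAX_LENGTH = 100;

/**
 * Escape a value for an HTML text or double-quoted attribute context
 * (summary step 5). Same purpose as Magento's escapeHtml(), here done
 * with plain htmlspecialchars.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Frontend side (slide 13): required and maxlength let the browser stop
 * obvious garbage before it reaches the server. This is a UX aid only;
 * the server still validates everything below.
 */
function renderCityField(string $value = ''): string
{
    return '<input type="text" name="city" required maxlength="' . CITY_MAX_LENGTH
        . '" value="' . e($value) . '">';
}

/**
 * Server-side validation (summary step 3). Returns a list of error
 * messages; an empty list means the input may be stored.
 */
function validateCustomerInput(array $input): array
{
    $errors = [];

    $city = $input['city'] ?? '';
    if (!is_string($city) || !mb_check_encoding($city, 'UTF-8')) {
        $errors[] = 'city: not valid UTF-8';          // step 1: UTF-8 all the way
    } else {
        $city = trim($city);
        if ($city === '') {
            $errors[] = 'city: required';
        } elseif (mb_strlen($city, 'UTF-8') > CITY_MAX_LENGTH) {
            $errors[] = 'city: longer than ' . CITY_MAX_LENGTH . ' characters';
        } elseif (!preg_match('/^[\p{L}\p{M}\s\'\-.]+$/u', $city)) {
            // Letters of any script, combining marks, spaces, apostrophe, hyphen, dot.
            $errors[] = "city: contains characters other than letters, spaces, ' - .";
        }
    }

    $country = $input['country'] ?? '';
    if (!is_string($country) || !in_array($country, ALLOWED_COUNTRIES, true)) {
        $errors[] = 'country: not in the allowed list';
    }

    return $errors;
}

// Constructed sample submissions (not real customer data).
$samples = [
    ['city' => 'Wien',                         'country' => 'AT'],             // valid
    ['city' => '<script>alert(1)</script>',    'country' => 'AT'],             // rejected: characters
    ['city' => str_repeat('a', 200),           'country' => 'AT'],             // rejected: column size
    ['city' => 'Milano',                       'country' => "AT' OR '1'='1"],  // rejected: whitelist
];

foreach ($samples as $sample) {
    $errors = validateCustomerInput($sample);
    if ($errors === []) {
        // Only validated data is stored; it is still escaped on every output.
        echo 'OK:   ' . e($sample['city']) . ' (' . e($sample['country']) . ")\n";
    } else {
        // Echoing the rejected value back to the form is fine only because it is escaped.
        echo 'FAIL: ' . implode('; ', $errors) . "\n" . renderCityField((string) $sample['city']) . "\n";
    }
}
```

The length check uses mb_strlen on the same limit as the column definition, so a value that passes validation cannot be truncated silently by the database; the whitelist comparison uses strict in_array so a type-juggled value cannot match. Escaping happens at output, not before storage, so the stored value stays usable in non-HTML contexts (CSV export, e-mail).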