Uploaded byguest3379bd
PDF, PPTX1,285 views

Whatever it takes - Fixing SQLIA and XSS in the process

This document discusses techniques for preventing SQL injection and cross-site scripting (XSS) vulnerabilities. It proposes using prepared statements with separate data and control planes as a "safe query object" approach. It also discusses policy-based sanitization of HTML and focusing code reviews on defect detection through annotating suspicious code regions. The overall goal is to help developers adopt architectures and techniques that thoroughly apply technical solutions to recognize and fix security weaknesses.

Embed presentation

Download as PDF, PPTX
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process

More Related Content

PDF
OSSEC @ ISSA Jan 21st 2010
bywremes
 
PDF
What should a hacker know about WebDav?
byMikhail Egorov
 
PDF
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
bymichelemanzotti
 
PDF
UA testing with Selenium and PHPUnit - TrueNorthPHP 2013
byMichelangelo van Dam
 
PDF
Building A Poor man’s Fir3Ey3 Mail Scanner
byXavier Mertens
 
PDF
Java Security Manager Reloaded - jOpenSpace Lightning Talk
byJosef Cacek
 
PDF
Java Security Manager Reloaded - Devoxx 2014
byJosef Cacek
 
PPTX
Selenium Conference 2014 -- Bangalore
byPrasanna Kanagasabai
 
OSSEC @ ISSA Jan 21st 2010
bywremes
 
What should a hacker know about WebDav?
byMikhail Egorov
 
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
bymichelemanzotti
 
UA testing with Selenium and PHPUnit - TrueNorthPHP 2013
byMichelangelo van Dam
 
Building A Poor man’s Fir3Ey3 Mail Scanner
byXavier Mertens
 
Java Security Manager Reloaded - jOpenSpace Lightning Talk
byJosef Cacek
 
Java Security Manager Reloaded - Devoxx 2014
byJosef Cacek
 
Selenium Conference 2014 -- Bangalore
byPrasanna Kanagasabai
 

What's hot

TXT
"><img src="x">
bySaphirem Saphirem
 
PPT
Automated Abstraction of Flow of Control in a System of Distributed Software...
bynimak
 
PDF
Web應用程式以及資安問題的探討
byMu Chun Wang
 
PDF
Art of Web Backdoor - Pichaya Morimoto
byPichaya Morimoto
 
PDF
PHP Secure Programming
byBalavignesh Kasinathan
 
PDF
Bkbiet day2 & 3
bymihirio
 
PPTX
Malware Detection with OSSEC HIDS - OSSECCON 2014
bySantiago Bassett
 
PDF
Webinar slides: How to Secure MongoDB with ClusterControl
bySeveralnines
 
PDF
Applications secure by default
bySecuRing
 
PDF
Minor Mistakes In Web Portals
bymsobiegraj
 
PPTX
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
byOWASP
 
PDF
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
byFedir RYKHTIK
 
PPTX
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
bySecurity Bootcamp
 
PPTX
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
byJakub Kałużny
 
PDF
Java EE Web Security By Example: Frank Kim
byjaxconf
 
PPTX
Azure Web Camp : Cache Distribué
byThomas Conté
 
PDF
2013-07-21 MITRE Developer Days - Red Hat SCAP Remediation
byShawn Wells
 
ZIP
Browser-Based testing using Selenium
byret0
 
PDF
Tecnologias Open Source para Alta Disponibilidade e Segurança de Aplicações Web
byAlexandro Silva
 
PPTX
[AzureCamp 24 Juin 2014] Cache Distribué par Thomas Conté
byMicrosoft Technet France
 
"><img src="x">
bySaphirem Saphirem
 
Automated Abstraction of Flow of Control in a System of Distributed Software...
bynimak
 
Web應用程式以及資安問題的探討
byMu Chun Wang
 
Art of Web Backdoor - Pichaya Morimoto
byPichaya Morimoto
 
PHP Secure Programming
byBalavignesh Kasinathan
 
Bkbiet day2 & 3
bymihirio
 
Malware Detection with OSSEC HIDS - OSSECCON 2014
bySantiago Bassett
 
Webinar slides: How to Secure MongoDB with ClusterControl
bySeveralnines
 
Applications secure by default
bySecuRing
 
Minor Mistakes In Web Portals
bymsobiegraj
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
byOWASP
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
byFedir RYKHTIK
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
bySecurity Bootcamp
 
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
byJakub Kałużny
 
Java EE Web Security By Example: Frank Kim
byjaxconf
 
Azure Web Camp : Cache Distribué
byThomas Conté
 
2013-07-21 MITRE Developer Days - Red Hat SCAP Remediation
byShawn Wells
 
Browser-Based testing using Selenium
byret0
 
Tecnologias Open Source para Alta Disponibilidade e Segurança de Aplicações Web
byAlexandro Silva
 
[AzureCamp 24 Juin 2014] Cache Distribué par Thomas Conté
byMicrosoft Technet France
 

Viewers also liked

PDF
Wolfpack at building shelter orientation
byJamie Wolf
 
PDF
Wolfpack at lewis creek orientation
byJamie Wolf
 
PPT
Science Direct Show2
bySaeid Nezareh
 
PPT
Agricalture Iranain
bySaeid Nezareh
 
PPT
Radiant Mind
byRadiantMind
 
PDF
Gunforhire
byhaug
 
ZIP
Cas 2
bySaeid Nezareh
 
PPT
Inspec2
bySaeid Nezareh
 
Wolfpack at building shelter orientation
byJamie Wolf
 
Wolfpack at lewis creek orientation
byJamie Wolf
 
Science Direct Show2
bySaeid Nezareh
 
Agricalture Iranain
bySaeid Nezareh
 
Radiant Mind
byRadiantMind
 
Gunforhire
byhaug
 
Cas 2
bySaeid Nezareh
 
Inspec2
bySaeid Nezareh
 

Similar to Whatever it takes - Fixing SQLIA and XSS in the process

PDF
2 Roads to Redemption - Thoughts on XSS and SQLIA
byguestfdcb8a
 
PDF
2 Roads to Redemption - Thoughts on XSS and SQLIA
byguestfdcb8a
 
PPT
Php Security By Mugdha And Anish
byOSSCube
 
PDF
OWASP Top 10 - DrupalCon Amsterdam 2019
byAyesh Karunaratne
 
PPT
Sql Injection Adv Owasp
byAung Khant
 
PPT
Advanced SQL Injection
byamiable_indian
 
PPTX
How to Hijack a Pizza Delivery Robot with Injection Flaws
bySecurity Innovation
 
PPTX
07 application security fundamentals - part 2 - security mechanisms - data ...
byappsec
 
PDF
Hijacking a Pizza Delivery Robot (using SQL injection)
byPriyanka Aash
 
PPTX
Security Code Review 101
byPaul Ionescu
 
PPT
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
PPT
PHPUG Presentation
byDamon Cortesi
 
PDF
Generic Attack Detection - ph-Neutral 0x7d8
byMario Heiderich
 
PPSX
Web application security
bywww.netgains.org
 
PPT
Security.ppt
bywebhostingguy
 
PPT
12-security.ppt - PHP and Arabic Language - Index
bywebhostingguy
 
PDF
Security in PHP Applications: An absolute must!
byMark Niebergall
 
PPTX
Why haven't we stamped out SQL injection and XSS yet
byRomain Gaucher
 
PPT
Php & Web Security - PHPXperts 2009
bymirahman
 
PPT
Top Ten Web Defenses - DefCamp 2012
byDefCamp
 
2 Roads to Redemption - Thoughts on XSS and SQLIA
byguestfdcb8a
 
2 Roads to Redemption - Thoughts on XSS and SQLIA
byguestfdcb8a
 
Php Security By Mugdha And Anish
byOSSCube
 
OWASP Top 10 - DrupalCon Amsterdam 2019
byAyesh Karunaratne
 
Sql Injection Adv Owasp
byAung Khant
 
Advanced SQL Injection
byamiable_indian
 
How to Hijack a Pizza Delivery Robot with Injection Flaws
bySecurity Innovation
 
07 application security fundamentals - part 2 - security mechanisms - data ...
byappsec
 
Hijacking a Pizza Delivery Robot (using SQL injection)
byPriyanka Aash
 
Security Code Review 101
byPaul Ionescu
 
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
PHPUG Presentation
byDamon Cortesi
 
Generic Attack Detection - ph-Neutral 0x7d8
byMario Heiderich
 
Web application security
bywww.netgains.org
 
Security.ppt
bywebhostingguy
 
12-security.ppt - PHP and Arabic Language - Index
bywebhostingguy
 
Security in PHP Applications: An absolute must!
byMark Niebergall
 
Why haven't we stamped out SQL injection and XSS yet
byRomain Gaucher
 
Php & Web Security - PHPXperts 2009
bymirahman
 
Top Ten Web Defenses - DefCamp 2012
byDefCamp
 

Recently uploaded

PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
API-First Architecture in Financial Systems
bycyy111112
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18