[ Security for Web Developers ] :: 08: What Can Hurt You

Script Kiddies

This is post 8 of 16 in the series “Security for Web Developers”. What You Know Can Hurt You. What You Don’t Know Can Hurt You. Most so-called hackers are really just script kiddies: http://www.hackpconline.com/2010/05/painfully-computer-pranks.html. Most of the fruit is low-hanging: https://www.toptal.com/security/10-most-common-web-security-vulnerabilities. Real exploit developers who find real vulns go much deeper: http://blog.dewhurstsecurity.com/2013/04/17/http-form-password-brute-forcing-the-need-for-speed.html. Public and …

[ Security for Web Developers ] :: 07: Tamper Data

Security Testing With Tamper Data

This is post 7 of 16 in the series “Security for Web Developers”. Tamper Data. Here’s a more sophisticated tutorial: Assignment: Test your site security. Install Tamper Data in Firefox on a suitable computer. Now visit your site and find what you can tamper with. Particularly tinker with pages with forms, especially if you use …

[ Security for Web Developers ] :: 05: Security on the Server Side

Server Security

This is post 5 of 16 in the series “Security for Web Developers”. Your server, your database and your site’s security. Do you host your own site, or is it hosted? How many sites are hosted on the same server as yours? What programming languages and platforms does it support? How many open ports and …

[ Security for Web Developers ] :: 04: Risk Factors

Internet Security Threats

This is post 4 of 16 in the series “Security for Web Developers”. Your site will be tested if: it holds anything of value, it attracts lots of attention (sorry) or it’s controversial in any way. The software you’ve written (your own code) critically depends on your knowledge of things like “sanitizing” the data input …

[ Security for Web Developers ] :: 03: What Makes Your Website Insecure?

Web security network

This is post 3 of 16 in the series “Security for Web Developers”. Your relative security is: lower if your site uses WordPress, lower if your site involves any controversial topic, lower if you store credit card or identity information, lower if your site has a login form, lower if your servers, applications and code …