Protecting your website from hackers
If you have a question about this talk, please contact Laurent Simon.
I will give a modified version of the talk we give our new engineers on how not to write security holes.
This may be a little bit closer to Zend’s talk. I will talk more openly about some of our solutions to a variety of web security issues where an outside hacker is typically trying to get control of your website. Among other things, I will cover:
a. XSS: XHP; Alternatives to innerHTML in JavaScript; Automatic detection of XSS holes.
b. SQL injection: Our abstracted graph data store (which avoids the need for SQL); printf()-style SQL functions
c. URL injection: Our URI class for building URLs
d. Shell injection: Our printf()-style functions for running shell commands
e. CSRF: Generating CSRF tokens and checking them automatically on all POST requests; The importance of a good crypto library
f. Brute-force attacks: Also the importance of a good crypto library.
This talk is part of the Computer Laboratory Security Seminar series.