Protecting your website from hackers
- Speaker: Ben Mathews, Facebook
- Date & Time: Tuesday 15 January 2013, 16:15 - 17:15
- Venue: Lecture Theatre 2, Computer Laboratory, William Gates Building
Abstract
I will give a modified version of the talk we give our new engineers on how not to write security holes. This may be a little bit closer to Zend’s talk. I will talk more openly about some of our solutions to a variety of web security issues where an outside hacker is typically trying to get control of your website. Among other things, I will cover:
a. XSS: XHP; Alternatives to innerHTML in JavaScript; Automatic detection of XSS holes.
b. SQL injection: Our abstracted graph data store (which avoids the need for SQL); printf()-style SQL functions
c. URL injection: Our URI class for building URLs
d. Shell injection: Our printf()-style functions for running shell commands
e. CSRF: Generating CSRF tokens and checking them automatically on all POST requests; The importance of a good crypto library
f. Brute-force attacks: Also the importance of a good crypto library.
Series
This talk is part of the Computer Laboratory Security Seminar series.