SQL Injection,
Source of discussion (p. 3)
SQL Injection,
Web-server related, vulnerabilities (XSS, XSRF, and Response Splitting),
Web-client related vulnerabilities,
Use magic URLs, predictable cookies, and hidden from fields.
For all (flaws described above) how does one recognize these flaws?
In your language you use, or studied, do you need to worry? What would you do to counteract problems of vulnerability with your language or your area of expertise?
———
Source of discussion (p. 87)
Buffer overruns,
Format string problem,
Integer overflows,
Command injection,
Race conditions and Executing code with too much privilege.
For all (flaws described above) how dose one recognize these flaws?
In your language you use, or studied, do you need to worry? What would you do to counteract problems of vulnerability with your language or your area of expertise?
———
Source of discussion (p. 277)
Weak password systems,
Weak random number,
Incorrect use of cryptography.
For all (flaws described above) how does one recognize these flaws?
In your language you use, or studied, do you need to worry? What would you do to counteract problems of vulnerability with your language or your area of expertise?
———
Source of discussion (p. 335)
Not protecting network traffic,
Improper use of PKI, especially SSL,
Trusting network name resolution.
For all (flaws described above) how does one recognize these flaws?
In your language you use, or studied, do you need to worry? What would you do to counteract problems of vulnerability with your language or your area of expertise?