Web Application Security

Frameworks are great because, not only do they simplifying our web app code, they silently provide security restrictions and best practices. But this magic security only works when you stick to the defaults. When you start to do “advanced” coding, you need to know where common web app vulnerabilities are hidden, and where you need to take care of them.

Common vulnerabilities include:

  • SQL injection: unfiltered parameters concatenated into raw SQL queries. This allows hackers to run malicious SQL queries.
  • CSRF: allows hackers to send requests to your app without the user’s knowledge or consent.
  • XSS: allows hackers to submit malicious JavaScript to your site (e.g. in the comments) which can steal session data from other users.

There are many more potentially dangerous things. You can find more details on the OWASP website.

Up next

Stay open-minded, stay hungry!