Browsed by Month: March 2018

Your website has assets – You need SRI

All websites have something worth protecting. Those valuable things are frequently loaded from a CDN (Content Delivery Network), a distributed network of data centers that delivers assets from a location chosen by the geographic location of the user. Using a Content Delivery Network to deliver content on your website has its perks. The main advantage of using a CDN is improved performance: speed matters, because if your website is slow it can frustrate your users and send them elsewhere. Content Delivery Networks – The…

The path to a custom Firewall and a Content Security Policy on a Blog

A few years ago I found myself looking for a firewall. I looked at various options from various security companies, but couldn’t find what I was looking for: the firewalls at the time were either too expensive or lacked some of the features I required. As I kept thinking about this, I decided I wasn’t buying one, and so, in 2014, I ended up building a custom WAF. What is a WAF? WAF is short for Web Application Firewall. The primary…

Creating a Secure Login Page

Login pages – they’re everywhere. Almost every website has a login page, from big companies to discussion forums. In this blog post I’ll try to explain how login pages work and also show how to create one, but instead of spoon-feeding information, I will only explain the core concept. I will also clarify how to mitigate two types of attack that can occur if your website has login functionality. Let’s begin, shall we? A login form – the basics…

To padlock or not to padlock? SSL Explained

You visited a website and saw a green padlock saying “Secure”. Cool. But what does that actually mean? Does it mean the website can’t be hacked? Let me start with the actual difference. HTTP? HTTPS? What’s the difference? HTTP (HyperText Transfer Protocol) is a protocol that allows communication between different systems. HTTPS (HyperText Transfer Protocol Secure) is HTTP with SSL (Secure Sockets Layer). The difference? Data sent over HTTP is not encrypted and could be intercepted by a third party….

Understanding & Mitigating Cross-Site Request Forgery (CSRF)

CSRF. Easy, enormously effective, frequently misunderstood. This attack can be called a sleeping lion because it is not taken as seriously as it should be. But what is it, and just how bad is it? Cross-Site Request Forgery Cross-Site Request Forgery (sometimes shortened to CSRF or XSRF, also known as “Sea Surf” or “Session Riding”) is a type of attack that forces a user to execute unauthorized actions while they’re logged in to a web application. Such an attack occurs when a…

SQL Injection – What it is, how it works & how it can be mitigated

SQL Injection. If you’re decently security-minded, you’ve probably heard of it. But what is it exactly? How does it work and, perhaps most importantly, what can we do to prevent it? What we do know is that injection is the #1 flaw targeting web applications according to the OWASP Top 10. But why exactly is it so prevalent? I’ll try to touch on that in this blog post. SQL Injection? Never heard of it. For those of you who haven’t heard of SQL Injection (SQLi)…

How I could have pwned my highschool (SQLi, CSRF, Hardcoded Passwords & XSS) – Part 1

Introduction It happened. Someone told me a website was invulnerable. Coincidentally, since it also happened to belong to a high school, I took it as a challenge, obtained permission to find flaws in it, and later found some pretty serious ones. The flaws have since been patched. Blind, Boolean-Based SQL Injection SQL Injection (SQLi) is a vulnerability which allows an attacker to inject malicious code into SQL statements. When using such a vulnerability, an attacker may be able to…