General sort of question:
How did you go about improving your knowledge of security in web development? Beyond the very general sort of concepts like validating user input, escaping data/using prepared statements when dealing with databases, etc...
As an example, one thing I see people mention quite a lot when talking about sessions, is that sessions can be hijacked. Now I have no idea how that's done, so I equally have no real idea of how to protect against it, and you obviously can't come to somewhere like this and ask how it's done because no-one would tell you. So it seems like an odd sort of impasse, in that you can't really know how to properly protect your system against threats unless you know how they're done, but it's quite difficult to actually find out... how they're done, because people don't want to discuss it for obvious reasons.
1 Replies - 816 Views - Last Post: 10 August 2012 - 11:06 AM
Replies To: improving security knowledge?
Re: improving security knowledge?
Posted 10 August 2012 - 11:06 AM
As with most things we do - take a look, it's in a book (reading raaaaaaainbow.. damn it!). Flip through the indexes, get a better handle on the scope.. and if you are feeling particularly cheap just clickity-clack in decent search terms (like session.. and hijacking... and "how does it work") in your bingable search engine of choice.