Introduction SSL vs TLS Server Configuration Only Support Strong Protocols Only Support Strong Ciphers Use Strong Diffie-Hellman Parameters Disable Compression Patch Cryptogr...

Introduction Preparation Understand Risk Management Basics in the context of Application Security Threat Modeling Terminologies Define Objectives Identify application design R...

Introduction Parameterized Query Examples Prepared Statement Examples Using Java built-in feature Using Java with Hibernate Using .NET built-in feature Using ASP .NET built-in ...

Introduction What’s the problem? What Is Pinning? When Do You Pin? When Do You Whitelist? How Do You Pin? What Should Be Pinned? Certificate Public Key Hashing Examples o...

Introduction PHP Configuration and Deployment php.ini PHP error handling PHP general settings PHP file upload handling PHP executable handling PHP session handling Some more ...

Introduction Primary Defenses Defense Option 1: Avoid calling OS commands directly Defense option 2: Escape values added to OS commands specific to each OS Defense option 3: Par...

Introduction Definition Alternative Names Example Exploitability GitHub case study Solutions General Solutions Language & Framework specific solutions Spring MVC Whitelisti...

Introduction General Guidelines and Considerations Key Selection Algorithms and Protocols Cryptographic hash functions Symmetric-key algorithms Asymmetric-key algorithms Messa...

Introduction Goals of Input Validation Input validation strategies Implementing input validation Whitelisting vs blacklisting Validating free-form Unicode text Regular express...

Introduction Communication APIs Web Messaging Cross Origin Resource Sharing WebSockets Server-Sent Events Storage APIs Local Storage Client-side databases Geolocation Web...