Friday, June 6, 2008

Web Application Hacking

From: Desert Code Camp
Speaker: Adam Monter

Notes:

Don't keep the web server's content on the C: drive: an attacker who can make the server walk backwards through the directory tree (a path-traversal request) would then reach the system files on the same drive.
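The defensive counterpart to that note is to refuse any request that would resolve outside the web root, whatever drive it lives on. The following is an added example, not code from the talk or from any project it mentions; the document root `/srv/www/htdocs` is a constructed value, and `resolve_under_root` is a hypothetical helper name.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example: the only directory the server is allowed to serve from.
DOC_ROOT = "/srv/www/htdocs"


def resolve_under_root(requested: str, doc_root: str = DOC_ROOT) -> Optional[str]:
    """Map a URL path onto the filesystem, or return None if it escapes the root.

    A None result means the caller should answer 404/403 rather than open the
    file; it never "repairs" a traversal attempt into an in-root path.
    """
    # Decode percent-encoding first so "%2e%2e%2f" is treated as "../".
    path = unquote(requested)
    # NUL bytes are never legitimate in a file path; reject them outright.
    if "\x00" in path:
        return None
    root = posixpath.normpath(doc_root)
    # Join, then normalise: every ".." segment is resolved lexically against
    # the root, so "../../etc/passwd" collapses to "/etc/passwd".
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Accept only if the final path is still the root or one of its descendants.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for req in ("index.html", "/images/../index.html",
                "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:45} -> {resolve_under_root(req)}")
```

This is a purely lexical check; on a real filesystem, also resolve the candidate with `os.path.realpath` before the `commonpath` comparison so that symlinks inside the web root cannot point back out of it.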

Validate all info coming in. (Prevents malicious scripts etc.)

paros.org has a Java proxy that shows what the application is doing. (I may have written down the URL incorrectly, or the site has changed since this talk, as the website doesn't seem related to the subject, so I'm not linking it from here.)

Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to blind SQL injection.

Wikipedia has a good page on SQL Injection.
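The two notes above, "validate all info coming in" and the SQL injection that tools like Absinthe exploit, are really one lesson: untrusted input must never become part of the SQL text. The following is an added example, not code from the talk, showing the vulnerable concatenation beside the hardened form (allowlist validation plus bound parameters). The in-memory SQLite table, its rows and the plain-text passwords are constructed for illustration only.

```python
import re
import sqlite3
from typing import List

# Constructed stand-in for the application's user table (real systems store
# password hashes, not passwords; plain text keeps the example short).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """The classic mistake: the input is pasted into the SQL statement itself."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


# Allowlist for usernames: only characters a username may legitimately contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Validate what can be validated, and bind everything as a parameter."""
    # 1. Input validation: reject usernames outside the allowlist before any query.
    if not USERNAME_RE.fullmatch(username):
        return []
    # 2. Parameter binding: the driver passes values separately from the SQL
    #    text, so a password containing quotes is just a string that doesn't match.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = build_db()
    tautology = "' OR '1'='1"
    print("vulnerable, injected:", login_vulnerable(db, tautology, tautology))
    print("safe, injected:      ", login_safe(db, "alice", tautology))
    print("safe, genuine:       ", login_safe(db, "alice", "s3cret"))
```

Note that the password field is not validated with a regex (passwords may legitimately contain quotes), which is why parameter binding, not validation, is the control that actually stops the injection; validation is the extra layer for fields that have a known shape.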

OWASP (Open Web Application Security Project) is a free and open application security community.

Visit Johnny I Hack Stuff. I was a bit skeptical about visiting a site with this name at first, but it was given to me by the guy at the talk, so I trusted him, and it turned out to have a page rank of 6.

Hackers can read your page from Google's cache without ever hitting your server, so your logs show no audit trail. (You can prevent Google from caching your pages with robots.txt and meta tag directives.)
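A practitioner auditing that advice wants a check that answers, per page, "could Google have cached this?": either robots.txt keeps Googlebot away from the URL, or the page carries a `noarchive` robots meta directive. The following is an added example, not from the talk; the robots.txt text and the two sample pages are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt: Googlebot is kept out of the /private/ tree.
ROBOTS_TXT = """\
User-agent: Googlebot
Disallow: /private/

User-agent: *
Disallow:
"""

# Constructed sample pages: only the second carries a noarchive directive.
PAGE_PLAIN = "<html><head><title>Home</title></head><body>hi</body></html>"
PAGE_NOARCHIVE = ('<html><head><meta name="robots" content="noindex, noarchive">'
                  '</head><body>hi</body></html>')


class RobotsMetaParser(HTMLParser):
    """Collect the directives from <meta name="robots"> / <meta name="googlebot">."""

    def __init__(self) -> None:
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        if (a.get("name") or "").lower() in ("robots", "googlebot"):
            for directive in (a.get("content") or "").split(","):
                self.directives.add(directive.strip().lower())


def has_noarchive(html: str) -> bool:
    """True if the page asks crawlers not to keep a cached copy."""
    parser = RobotsMetaParser()
    parser.feed(html)
    return "noarchive" in parser.directives


def google_may_cache(url: str, html: str, robots_txt: str = ROBOTS_TXT) -> bool:
    """True only if neither robots.txt nor a meta directive blocks caching."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    if not rp.can_fetch("Googlebot", url):
        return False  # never crawled, so never cached
    return not has_noarchive(html)


if __name__ == "__main__":
    for url, page in (("https://example.com/index.html", PAGE_PLAIN),
                      ("https://example.com/index.html", PAGE_NOARCHIVE),
                      ("https://example.com/private/report.html", PAGE_PLAIN)):
        print(url, "cacheable" if google_may_cache(url, page) else "not cacheable")
```

The robots.txt route stops the crawl entirely (the page also drops out of search results), while `noarchive` keeps the page indexed but withholds the cached copy; pick by whether you want the page found at all.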
