
Rewire with Susan

Common security vulnerabilities (Part 2)

0:22 - Welcome!!

0:33 - Short recap from last week

0:56 - Please share your feedback about the podcast in this Google form

1:10 - SQL Injection

  • Injecting malicious SQL statements into the database through user input
  • 2:23 - How to prevent
    • Treat user input as untrusted: filter and validate it
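The two mitigations in the recap, validating the input and keeping it out of the SQL statement itself, side by side with the concatenation mistake they prevent. This is an added example, not code from the episode; it uses Python's built-in `sqlite3` module and an in-memory table with constructed sample rows, and the username rule is an illustrative allowlist, not a rule the show states.

```python
import re
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with two sample rows (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """The mistake: the input is pasted into the statement, so quote characters
    in it change the query's structure instead of being treated as data."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Primary defence: a bound parameter. The driver sends the value separately,
    so whatever it contains is compared as a string and never parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Illustrative allowlist for usernames (an assumption for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(username: str) -> str:
    """Defence in depth: reject input that does not look like a username at all."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Validate the shape first, then query with a bound parameter."""
    return lookup_parameterized(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, quote in input:", lookup_vulnerable(db, "' OR '1'='1"))
    print("parameterized, same input :", lookup_parameterized(db, "' OR '1'='1"))
    print("validated + parameterized :", lookup_safe(db, "alice"))
```

Running it shows the concatenated version returning every row when the input contains a quote, while the parameterized query returns nothing for that input and the validated path refuses it before a query is even issued. Validation alone is not the fix (a legitimate surname can contain an apostrophe); the bound parameter is what keeps data and code apart.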

2:43 - Security misconfiguration

  • Happens when a part of your web application is defenseless against attack
    • Using default credentials
    • Exposing information about the application to users through stack traces
  • 4:18 - How to prevent
    • Don't overshare information
    • Have a minimal footprint for the different components of your application
    • Don't keep default accounts, files, or directories
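The "don't overshare" point for stack traces, as a small added example that is not from the episode: a request wrapper that logs the full traceback on the server and hands the client only a generic message with a reference ID. The `debug` flag shows the weak setting (trace returned to the client) beside the correct one; the view and its request dictionary are constructed for the demo, and no web framework is assumed.

```python
import logging
import traceback
import uuid
from typing import Callable, Dict, Tuple

logger = logging.getLogger("app")

Response = Tuple[int, str]
View = Callable[[Dict[str, object]], Response]


def handle(view: View, request: Dict[str, object], debug: bool = False) -> Response:
    """Run a view; on an unexpected error, log the traceback server-side and
    return a generic body. debug=True reproduces the misconfiguration: the
    traceback (file paths, framework versions, variable names) goes to the client."""
    try:
        return view(request)
    except Exception:
        incident_id = uuid.uuid4().hex[:12]
        trace = traceback.format_exc()
        # Operators get the detail in the logs, keyed by the ID the user sees.
        logger.error("incident %s\n%s", incident_id, trace)
        if debug:
            return 500, trace                      # weak setting: oversharing
        return 500, f"Internal error. Reference: {incident_id}"   # correct setting


def profile_view(request: Dict[str, object]) -> Response:
    """Constructed view: fails with KeyError when the request lacks user_id."""
    return 200, f"profile of {request['user_id']}"


if __name__ == "__main__":
    print(handle(profile_view, {"user_id": 7}))
    print(handle(profile_view, {}))               # generic message only
    print(handle(profile_view, {}, debug=True))   # what the client must never see
```

The reference ID is the piece practitioners tend to skip: it lets support correlate a user's report with the logged trace without putting any of the trace on the wire.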

5:14 - Broken authentication

  • Happens when an attacker masquerades as a user through different means
    • Credential stuffing: using known breached accounts
    • Automated attacks: using random credentials
    • Default (lazy) credentials
    • Stolen session IDs
  • 8:46 - How to prevent
    • The web server could be used to create unique session IDs different from the ones created by the browser
    • Add a limit to failed logins
    • Multi-factor authentication
    • Password complexity
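Three of the four mitigations listed above (server-generated session IDs, a failed-login limit, and a password complexity floor) in one added example, using only the Python standard library. This is not code from the episode: the thresholds, the PBKDF2 password storage and the sample user store are assumptions made for the demo, and the clock is injectable so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Illustrative policy values (assumptions for this example, not from the episode).
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
MIN_PASSWORD_LENGTH = 12
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def password_meets_policy(password: str) -> bool:
    """Complexity floor: minimum length plus at least three of four character classes."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= MIN_PASSWORD_LENGTH and sum(classes) >= 3


def new_session_id() -> str:
    """Session ID minted by the server: 32 bytes from the OS CSPRNG, URL-safe.
    Never accept an ID the client proposes; always issue a fresh one on login."""
    return secrets.token_urlsafe(32)


class LoginGuard:
    """Verifies credentials and locks an account after repeated failures."""

    def __init__(self, users: Dict[str, Tuple[bytes, bytes]],
                 clock: Callable[[], float] = time.time):
        self.users = users                       # username -> (salt, digest)
        self.clock = clock                       # injectable for tests
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}
        # Dummy credential so an unknown username costs the same time as a wrong password.
        self._dummy = hash_password(secrets.token_hex(8))

    def is_locked(self, username: str) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:                # lockout expired: reset counters
            del self.locked_until[username]
            self.failures.pop(username, None)
            return False
        return True

    def _record_failure(self, username: str) -> None:
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS

    def attempt_login(self, username: str, password: str) -> Tuple[str, Optional[str]]:
        """Returns ("ok", session_id), ("locked", None) or ("denied", None)."""
        if self.is_locked(username):
            return "locked", None
        salt, expected = self.users.get(username, self._dummy)
        _, actual = hash_password(password, salt)
        # Constant-time digest comparison; unknown users always fall through to denied.
        if username in self.users and hmac.compare_digest(actual, expected):
            self.failures.pop(username, None)
            return "ok", new_session_id()
        self._record_failure(username)
        return "denied", None


# Constructed sample user store for the demo.
SAMPLE_USERS = {"alice": hash_password("Correct-Horse-Battery-9")}

if __name__ == "__main__":
    guard = LoginGuard(SAMPLE_USERS)
    print(guard.attempt_login("alice", "Correct-Horse-Battery-9"))
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(guard.attempt_login("alice", "wrong"))
    print(guard.attempt_login("alice", "Correct-Horse-Battery-9"))   # locked
```

Two design points worth noticing: the lockout is keyed per account rather than per source address, because credential stuffing arrives from many addresses, and a failed attempt for a nonexistent user still does the hashing work so response time does not reveal which usernames exist.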


Email: hello@rewirewithsusan.com

Also, feel free to share your thoughts and feedback here.

Support the show (https://www.patreon.com/rewirewithsusan)
