Common security vulnerabilities(Part 2)

0:22 - Welcome!!

0:33 - Short recap from last week

0:56 - Please share your feedback about the podcast in this google form

1:10 - SQL Injection

• Injecting malicious SQL statements into the database through the user input
• 2:23 - How to prevent
  • Treat user input as untrusted - Filter and validate

2:43 - Security misconfiguration

• Happens when a part of your web application is defenseless against attack
  • Using default credentials
  • Allowing users to have access to information about the application through the stack trace
• 4:18 - How to prevent
  • Don't overshare information
  • Have a minimal footprint for the different components of your application
  • Don't keep default accounts, files, or directories

5:14 - Broken authentication

• Happens when an attacker masquerades as a user through. different means
  • Credential stuffing: using known breached accounts
  • Automated attacks: using random credentials
  • Default(lazy) credentials
  • Stolen session Ids
• 8:46 - How to prevent
  • The web server could be used to create unique session ids different from the ones created by the browser
  • Add a limit to failed logins
  • Muti-factor authentication
  • Password complexity

Social media

• Rewire with Susan - Instagram
• Susan's Twitter, Facebook, and Instagram

Email
hello@rewirewithsusan.com
Also, feel free to share your thoughts and feedback here

Support the show (https://www.patreon.com/rewirewithsusan)

Episode source