
Rewire with Susan
Are you a newbie in software development and sometimes feel lost? Or are you a non-technical manager of developers and finding it difficult to navigate some of the conversations in your team? You are in the right place! Here, we simplify topics in software development and share tips to help build a career in technology
Common security vulnerabilities (Part 2)
Season 2 • Episode 11
0:22 - Welcome!!
0:33 - Short recap from last week
0:56 - Please share your feedback about the podcast in this Google form
1:10 - SQL Injection
- Injecting malicious SQL statements into the database through user input
- 2:23 - How to prevent
- Treat user input as untrusted: filter and validate it
2:43 - Security misconfiguration
- Happens when a part of your web application is left exposed to attack
- Using default credentials
- Allowing users to have access to information about the application through the stack trace
- 4:18 - How to prevent
- Don't overshare information
- Have a minimal footprint for the different components of your application
- Don't keep default accounts, files, or directories
5:14 - Broken authentication
- Happens when an attacker masquerades as a user through different means
- Credential stuffing: using credentials from known breached accounts
- Automated attacks: trying random credentials automatically
- Default (lazy) credentials
- Stolen session IDs
- 8:46 - How to prevent
- Have the web server generate its own unique session IDs rather than relying on ones created by the browser
- Limit failed login attempts
- Multi-factor authentication
- Password complexity
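The SQL injection section above is the one place these notes describe a concrete coding fix, so here is an added example (not from the episode) showing a login query built by string concatenation beside the parameterized form, plus the allowlist check the notes call "filter and validate". The table, user records and the test input are constructed for the demo.

```python
import re
import sqlite3

# Constructed demo table; plaintext passwords only to keep the example
# short. Real code stores a password hash, never the password itself.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting, so input is parsed as SQL."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    """Parameterized query: the driver binds input as a value, never as
    part of the statement, so quotes in the input cannot change its logic."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def valid_username(username):
    """Allowlist validation for the 'filter and validate' step: reject
    anything that is not a plain account name before it reaches the DB."""
    return USERNAME_RE.fullmatch(username) is not None

def login(conn, username, password):
    """Validate first, then query with bound parameters (defence in depth)."""
    if not valid_username(username):
        return None
    return login_safe(conn, username, password)

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # constructed test input for the demo
    print(login_vulnerable(db, "alice", tautology))  # alice: check bypassed
    print(login_safe(db, "alice", tautology))        # None: treated as data
```

Run it and compare the two printed lines: the concatenated query lets a quote in the password rewrite the WHERE clause, while the parameterized query compares the same text as an ordinary string.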
Email
hello@rewirewithsusan.com
Also, feel free to share your thoughts and feedback here