3. Anna Völkl / @rescueAnn
Hi, I'm Anna. http://anna.voelkl.at
I'm a Magento Certified Developer.
5 years Magento, Java/PHP since 2004
I love IT & Telecommunication and IT- & Information-
Security.
I work at LimeSoda. E-Commerce Agency in Vienna/AT
6. academic titles?!
Teamwork also involves being a good teammate, which is why we are very proud
シャネル デコ
FC Barcelona and was presenting partner of the Fan Zone event prior to the gamehqn
Лечебные грязи Сакского озера
Trying to find for a approach to raise male power and endurance.
New year2013 best now41
Импотенция вы поглядите !
how to write an essay explaining why you deserve a scholarship
Sophisticated
Men
High-heeled shoes
A Wise Choice
http://onemilliondollarhomepage.ru/
how to write up divorce paper
write your name really cool
shady lady free download
driver samsung hd160jj p
11. Wep Application Security Risks
1)Injection
2)Broken Authentication and Session
Management
3)Cross Site Scripting (XSS)
https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
12. Stop „Last Minute Security“
●
Do the coding, spend last X hours on „making it
secure“
●
Secure coding doesn't really take longer
●
Data quality software quality security
●
Always keep security in mind
19. Frontend input validation
●
User experience
●
Stop unwanted input when it occurs
●
Do not bother your server with crazy input
●
Only store, what you expect
Don't fill up your database with garbage.
32. Is input validation not enough?
●
Cross Site Scripting (XSS)
– Protect your users
– Protect yourself!
●
Store escaped data?
– Prepare the data where it's needed!
38. ●
Weird customers and customer data was removed
●
Frontend validation added
•
Dropdown (whitelist) would have been an option too
●
Server side validation added
●
Output escaped
39. Summary
Think, act and design your software responsibly:
1) UTF-8 all the way
2) Client side validation, filter input
3) Server side validation
4) Data storage (database column size,...)
5) Escape output
6) Run tests