Exploring security issues in web applications

Cross-site scripting(XSS)

​In Ruby on Rails

  • html_safe
  • raw
  • content_tag

In React

  • dangerouslySetInnerHTML
  • innerHTML
  • href

in Vue

 

  • innterHTML
  • v-html

in JQuery

 

  • html()
  • append()
  • insert()
  • prepare()
  • wrap()
  • before()
  • after()
  • attr()

SQL INJECTION

 

Look for sth like:

  • where(string)
  • select(string)

git grep -E "(CASE|WHERE|WHEN|SELECT|INSERT|THEN|IN).*\{.*\}" app

Exploring security issues in web applications

By Jakub Nieznalski

Made with Slides.com

Exploring security issues in web applications

  • 159

More from Jakub Nieznalski