Guillermo Rodas
Google Developer Expert in Web Technologies, Community Organizer, and Online Teacher.
@rodasdev
https://guillermorodas.com
You can Google me as well.
The Open Web Application Security Project®
Attack Vectors
An application is vulnerable to attack when:
SELECT *
FROM users
WHERE email = '$email'
AND password = md5('$password')
Is the Application Vulnerable?
JWT
{ id: 1, user: "A"}
if (isValid(JWT)) {
  // the id is read from the verified token payload
  userId = decode(JWT).payload.id
}
HTTP/1.1 200 OK
id=A
jwt=eyJhbGciO...
HTTP/1.1 200 OK
id=B
jwt=eyJhbGciO...
B
if (isValid(JWT)) {
  // the id is read from the request parameters, not from the token
  userId = params.id
}
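The two checks above, side by side as an added example that is not part of the original slides: both handlers verify the JWT, but only the hardened one ignores the id sent in the request. The HS256 helpers, SECRET, USERS and the handler names are assumptions made for this demo.

```javascript
// Added example: secret, user table and handlers are constructed for illustration.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: HS256 shared secret
const USERS = { 1: { id: 1, user: "A" }, 2: { id: 2, user: "B" } }; // constructed
const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (input) => crypto.createHmac("sha256", SECRET).update(input).digest();

// Issue a compact HS256 JWT for the given payload.
function sign(payload) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// Return the payload when the signature verifies, otherwise null.
function verify(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, "base64url");
  const expected = hmac(`${head}.${body}`);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString());
    if (!header || header.alg !== "HS256") return null; // pin the algorithm
    return JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return null; // malformed JSON in header or body
  }
}

// Pattern from the second snippet: token is valid, but the id comes from the request.
function getProfileVulnerable(req) {
  if (!verify(req.jwt)) return { status: 401 };
  return { status: 200, body: USERS[req.params.id] };
}

// Pattern from the first snippet: the id comes only from the verified payload.
function getProfileHardened(req) {
  const claims = verify(req.jwt);
  if (!claims) return { status: 401 };
  return { status: 200, body: USERS[claims.id] };
}
```

With a token issued for { id: 1, user: "A" } and params.id set to 2, the vulnerable handler returns B's record while the hardened one returns A's.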
Attack Vectors
Rather than directly attacking crypto, attackers:
Is the Application Vulnerable?
The first thing is to determine the protection needs of data in transit and at rest.
For example, passwords, credit card numbers, health records, personal information and business secrets require extra protection.
Exchangeable Image File Format (EXIF) is a standard that defines specific information related to an image or other media captured by a digital camera. It is capable of storing such important data as camera exposure, date/time the image was captured, and even GPS location.