Principles of Web application security

Vladimir de Turckheim

Lead Node.js engineer @ Sqreen (ex. Steamulo, Secway)

SQL injection

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application.

https://nodeblogvuln.herokuapp.com/

XSS

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

Different kinds

  • Reflected
  • Stored
  • DOM based

LFI and Directory traversal

The File Inclusion vulnerability allows an attacker to include a file, usually by exploiting a "dynamic file inclusion" mechanism implemented in the target application.

Shell injection

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application.

NoSQL injection

?
