One of the most troublesome things is the management and security of user information.

Photo by Martin LONGIN on Unsplash

Really? Is signing up that difficult?

Contrary to what you might imagine, registering, logging in and managing users is not simple at all. It gets quite messy once the following features are required:

  • User decentralization
  • Integration with Gmail, Facebook
  • Integration with existing user systems in the enterprise
  • Reset password when users forget
  • Block account when a user enters wrong password many times
  • Secure API with mobile app
  • Two-factor authentication (2FA) for important accounts
  • Management: add, delete, edit users

A rather complex, roundabout set of concepts that easily drives front-end developers crazy.

Photo by Sigmund on Unsplash

What is a prototype?

When another developer keeps coming up and asking you, “What the heck is a prototype?”, answer: it’s the head of its father. This answer sounds ludicrous but is fairly accurate: a prototype can be understood as either the template or the parent of an object.

In JavaScript, except for undefined, all other types are objects. The string, number, and boolean types are String, Number, and Boolean objects, respectively. Arrays are Array objects; functions are Function objects. The prototype of each object is its parent: String’s father is String.prototype, Number’s father is Number.prototype, …


Attackers can sit on website A and lure users into attacking site B or site C.

Photo by Samet Özer on Unsplash

In the Romance of the Three Kingdoms, talented military strategists sit in their tents and decide the outcome of battles thousands of miles away.

This article will explain how hackers attack and also guide you on how to prevent them.

The fundamental of CSRF

CSRF’s full name is Cross-Site Request Forgery (another name is XSRF). This vulnerability is quite common; Netflix and YouTube have also been victims of it.

The consequences it causes are also “quite” serious, which is why CSRF has earned a place in the OWASP Top 10 security vulnerabilities. …


The keyword this: one that easily gives JS programmers a headache.

Photo by Zachary Keimig on Unsplash

When we first learn it, this also seems quite simple and harmless. If you have ever learned Java or C#, you will remember that this keyword points to the object that calls the function. In JavaScript, the this keyword plays a similar role. In the code below, we will see that this refers to the person object and prints out exactly what we want.

var person = {
  firstName: 'Hoang',
  lastName: 'Pham',
  showName: function () {
    // "this" is the object the method was called on: person
    console.log(this.firstName + ' ' + this.lastName);
  }
};

person.showName(); // Hoang Pham

// Serializing loses the method and keeps only the properties
JSON.stringify(person); // '{"firstName":"Hoang","lastName":"Pham"}'

var jsonString = '{"firstName": "John", "lastName": "Wick"}';
var psn = JSON.parse(jsonString); // Convert the string back into an object
console.log(psn.firstName); // John
console.log(psn.lastName);  // Wick
…


A “strange” security hole with a long, and difficult-to-read name.

Photo by Markus Spiske on Unsplash

What is strange?

This security hole is “strange” in that it is in the OWASP top 4, yet there is very little documentation about it. It is not as well known as XSS, CSRF or SQL Injection (although its OWASP rank is much higher than that of XSS or CSRF).

I myself have never heard the press or the news mention this error before. Is it possible that there are no well-known cases related to it, or is it because the bug has many complex variations?

The main cause of this vulnerability is the carelessness of a developer or sysadmin (if you encounter this error, blame the developer first, then the tester). …


JavaScript was originally designed in a rudimentary way, used only for validation on the client side.

Photo by Luca Bravo on Unsplash

If you pursue a career as a web developer, you will work with JS every day. JS itself is bad, but it comes with countless useful libraries and frameworks (jQuery, AngularJS, …); thanks to NodeJS, it has even encroached on the back-end.

In the first lesson, I will introduce the most basic knowledge in JavaScript: object.

What the hell is an Object?

Anyone who has studied Object-Oriented Programming knows the concepts of Class and Object. However, JavaScript has no Classes, only Objects, so this may not be obvious to some.
In OOP languages such as C++, Java, C#, … it can be roughly understood that a Class is a framework, and an Object is an object created from that framework. …


Why does adding strings affect the memory and performance of the system?

Photo by George Pagan III on Unsplash

String

Back when we were writing Java, we were often told to use StringBuilder and append when concatenating strings instead of adding String objects. The reason is that String is immutable: its value never changes, so every concatenation creates a new string in memory. StringBuilder is mutable, so append changes its value in place and no new string is created. Therefore using StringBuilder saves memory and runs faster.

Don't believe it? See the two code snippets below. The code using StringBuilder takes only 4ms to run, while the code using String takes 4828ms (Source). …


SQL Injection vulnerability, one of the most common and most dangerous security holes of all time.

Why SQL Injection?

The following reasons have made SQL Injection famous:

  • Extremely dangerous: it can cause enormous damage. With SQL Injection, a hacker can access part or all of the data in the system.
  • Very popular and easy to carry out: this vulnerability is very well known; almost everyone, from developers to hackers, knows about it. Besides, there are several SQL Injection attack tools aimed at “non-programmers” who know nothing about programming.
  • Lots of big players have been hit: Sony, Microsoft UK. Every scandal involving “exposed user data” is more or less related to SQL Injection.

Easy to attack, popular, with serious consequences: that is why Injection (not just SQL but also OS and LDAP) sits at the top of the OWASP Top 10 security holes. …


From basic to advanced, from trainee to senior.

Photo by Serenay Gulsen on Unsplash

Introductory Level: Knowledge base

At this level, you will learn JavaScript as well as programming in general. Therefore, I chose books that cover the fundamentals and are easy to read and understand.


To become a senior among millions of programmers!

Photo by Thom Milkovic on Unsplash

Introduction

Welcome to the final article in the SOLID series. In this article, I will talk about the Dependency Inversion Principle.

  1. Open / Closed Principle
  2. Liskov Substitution Principle
  3. Interface Segregation Principle
  4. Dependency Inversion Principle

Principle content

1. High-level modules should not depend on low-level modules. Both should depend on abstractions.
2. Interfaces (abstractions) should not depend on details; rather, details should depend on abstractions. (Classes communicate with each other through interfaces, not through implementations.)

Explain the principle

In this article, I often use the word module. In practice, a module can be a project, a DLL file, or a service. To keep things easy to understand, treat each module as a class just for this article. …

About

Beribey

Always be nice to anybody who has access to my toothbrush.
