BASIC SECURITY FOR DEVELOPERS

Photo by Scott Webb on Unsplash

INTRODUCTION

Ensuring system security is the responsibility of many parties: sysadmins, network engineers, managers, and developers. Because I don’t specialize in security, I am not familiar with configuring systems, installing firewalls, and so on, so I will not cover that area. Instead, I will approach security from a developer’s perspective.

The knowledge in this series is fundamental and easy to learn, but it will be beneficial, helping you avoid “silly, basic” security mistakes when coding. Whether you code in C or C++, Java, C#, or PHP, you will learn some useful things through this series.

Series summary

Some issues mentioned in the series (Will be updated later):

  • The dangers of using HTTP. Why use HTTPS to transfer data?
  • How dangerous is an XSS security hole?
  • Cookie storage — Unbelievably harmless
  • Hide server information — Keep it out of sight of the curious and the bad guys
  • SQL Injection — A classic security hole
  • Insecure Direct Object Reference — Hide your head
  • Cross-Site Attacks — Spectacular tricks
  • User management — Looks easy, but it is not simple

Most of these security bugs are already prevented by the framework. However, many websites still suffer from several of these errors because of developer carelessness or negligence. Therefore, follow the series and try to apply this knowledge in your code to avoid these errors.

This is a security series for developers, not hackers. The knowledge in the series helps you write code and fix bugs, not attack other systems or scam users.

Prepare “Toys”

  • Google Chrome Developer Tools: this developer toolkit comes with Google Chrome and assists you in debugging, fixing bugs, running JavaScript, and … attacking websites. (I will post an article about this later.)
  • EditThisCookie add-on: used to view, play around with, and edit cookies.
  • Fiddler: this software is a web proxy that lets you inspect the HTTP requests from your machine to the server, measure performance, check for security errors, simulate Man-in-the-Middle attacks, etc.

Some other tools will be introduced later.

Warning!

For ethical reasons, if you find errors in other systems, you should notify the administrator rather than sabotage them. The line between “understanding the vulnerability” and “destroying the system” is very thin with essential systems. You could be prosecuted and end up in jail, and that is no joke :v.

Photo by Clint Patterson on Unsplash

One thing I will repeat throughout the series is: Never trust users!! Never believe what a user enters, and don’t assume that a user doesn’t know how to modify JavaScript or can’t tamper with things. A hacker, acting as a user, has every means to attack the system. Remember it!

This series follows the Hack Yourself First course and Web Security: OWASP Top 10 on Pluralsight, plus some other sources. Those courses have subtitles, so they are quite easy to follow, and you can practice your English at the same time.
