WEB - безопасность: От базовых принципов до особенностей PHP - Александр Макаров

Alexander's report's main idea easily fits into a short thesis: "filter the entry point and screen the exit point." We mean various forms, files, HTTP headers by entry point, exit point - browser, console, databases. Based on this thesis, Alexander spoke in detail about widespread threats on the Web and also proposed solutions to the problems associated with them. The speaker pointed at typical threats such as XSS, CSRF, and DDoS attacks, unsafe include constructor, the Clickjacking fraud mechanism. Alexander devoted a reasonably large part of his speech to the problem of password cracking and the consequences of this cracking. Alexander stressed that it is essential to understand if a database leak occurs, the main thing, in this case, is a) eliminate the source of the leak, b) disable hash, and c) ask users to change ALL passwords to deprive attackers of the opportunity to use the information received. The human factor is vital in the process of protecting a project from hacking. Quite often, you have to deal with the fact that admins are mistaken. Typical errors of admins are related to the support of programs without preliminary verification, the distribution of production rights to all developers of the company sticking out of memcached. You also need to remember that people can lose flash drives, laptops, phones - devices that store the most essential and valuable information. At the end of his speech, Alexander gave links to those resources where you can read more about WEB security, and here they are: 1. OWASP + testing guide 2. articles and books by Martin Fowler about security 3. https://secure.php.net/manual/ru/secu... 4. Q&A at Stack Exchange involta events - your guide to the IT world 🙂 Vk: https://vk.com/involta Facebook:   / involtalife   Instagram:   / involta