<p>No tests can detect loopholes better than the person who is on the development team.</p>
<p><strong>Risks are in Standard Products</strong></p>
<p>For example, the majority of attacks come against open source systems and standard products, as part of a simple guess: if you are using WordPress, and any PHP script can cause a SQL injection attack, then of course your website can be attacked easily.</p>
<p><strong>Custom developed software is safe as long as...</strong></p>
<ol>
<li>Directory browsing is turned off, i.e. no one should be able to crawl your pages unless you intend them to</li>
<li>Open source or standard tools like SQL Server, WordPress or any such third party tool should not be left open on the end client</li>
<li>Implement the DTO pattern, i.e. use Data Transfer Objects; consider transmitting data, but not the logic</li>
<li>Use token security instead of UI security; just hiding a UI element from the user is never safe</li>
</ol>
<p>The biggest of all: your business logic (even the smallest, like login and signup) should, and only should, execute in your controlled premises.</p>
<p>Anything that is not in your premises, any web browser, any mobile client, consider it to be a guaranteed danger and then code.</p>
<p><strong>Team War</strong></p>
<p>Divide your teams, and tell the teams to attack and bring down or crack the other team's code as part of testing. Always remember that the one who knows your business logic and access locations is more dangerous than any existing virus, trojan or network attacker.</p>
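An added example, not part of the answer above, showing the "token security instead of UI security" and DTO points in Python: a delete handler that trusts a client-sent flag next to one that resolves a server-side session token and returns only a Data Transfer Object. The session store, records and request shapes are constructed for illustration.

```python
from dataclasses import dataclass, asdict

# Constructed server-side session store: opaque token -> identity the server
# established at login. This is the only source of truth for "who is asking".
SESSIONS = {
    "tok-a1": {"user": "alice", "role": "admin"},
    "tok-b2": {"user": "bob", "role": "member"},
}

def sample_records() -> dict:
    """Constructed records; 'owner' and 'internal_note' are server knowledge."""
    return {
        1: {"owner": "alice", "title": "Q1 report", "internal_note": "do not export"},
        2: {"owner": "bob", "title": "Bob's notes", "internal_note": "pending review"},
    }

@dataclass(frozen=True)
class RecordDTO:
    """Data Transfer Object: only the fields the client needs, no logic, no internals."""
    id: int
    title: str

def to_dto(record_id: int, record: dict) -> dict:
    return asdict(RecordDTO(record_id, record["title"]))

def delete_ui_security_only(request: dict, records: dict) -> dict:
    """UI security only: trusts a client-supplied is_admin flag. Hiding the
    Delete button in the browser changes nothing; the flag is just a field."""
    if request.get("is_admin"):
        records.pop(request.get("record_id"), None)
        return {"status": "deleted"}
    return {"status": "forbidden"}

def delete_token_security(request: dict, records: dict) -> dict:
    """Token security: the server maps the token to an identity it created,
    decides on its own data, and ignores any role claim in the request body."""
    session = SESSIONS.get(request.get("token", ""))
    if session is None:
        return {"status": "unauthenticated"}
    record_id = request.get("record_id")
    record = records.get(record_id) if isinstance(record_id, int) else None
    if record is None:
        return {"status": "not_found"}
    if session["role"] != "admin" and record["owner"] != session["user"]:
        return {"status": "forbidden"}
    del records[record_id]
    return {"status": "deleted", "data": to_dto(record_id, record)}
```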