<p>I'd recommend checking out the OWASP Top 10: <a href="http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf" rel="nofollow noreferrer">http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf</a></p>

<blockquote>
<p>The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.</p>
</blockquote>

<p>To verify your SSL configuration, you can try <a href="https://www.ssllabs.com/ssldb/index.html" rel="nofollow noreferrer">https://www.ssllabs.com/ssldb/index.html</a>.</p>

<p>If you're curious about the sheer variety of attacks, check out Jeremiah Grossman's post titled <a href="http://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html" rel="nofollow noreferrer">Top Ten Web Hacking Techniques of 2010</a> and scroll down until you see "The Complete List".</p>

<p>If you want to fire off a few web app vulnerability scanning tools to catch the low-hanging fruit, you can try:</p>
<ul>
<li>skipfish: <a href="http://code.google.com/p/skipfish/" rel="nofollow noreferrer">http://code.google.com/p/skipfish/</a> (free)</li>
<li>netsparker community: <a href="http://www.mavitunasecurity.com/communityedition/" rel="nofollow noreferrer">http://www.mavitunasecurity.com/communityedition/</a> (free)</li>
<li><em>look here for more</em>: <a href="https://security.stackexchange.com/questions/32/what-tools-are-available-to-assess-the-security-of-a-web-application/">https://security.stackexchange.com/questions/32/what-tools-are-available-to-assess-the-security-of-a-web-application/</a></li>
</ul>

<p>If you're really concerned about security, then adopting a secure development plan and working with someone trained in app security would obviously boost your confidence that things are being done right.</p>

<p>Regarding development, you may like the ideas presented in Microsoft's simplified SDL:</p>
<blockquote>
<p>"The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development."</p>
<p>"The process outlined in this paper sets a minimum threshold for SDL compliance. That said, organizations aren't uniform – development teams should apply the SDL in a way that is suitable to the human talent and resources available, but doesn't compromise organizational security goals."</p>
</blockquote>

<p>Also, it is important to note that automated vulnerability scanning tools fail to identify most logical vulnerabilities, so don't rely solely on automated tools. For example (taken from OWASP):</p>
<blockquote>
<p>"Setting the quantity of a product on an e-commerce site as a negative number may result in funds being credited to the attacker. The countermeasure to this problem is to implement stronger data validation, as the application permits negative numbers to be entered in the quantity field of the shopping cart."</p>
</blockquote>

<p>Human intelligence is key to spotting logical issues.</p>

<p>Security is also all about maintenance. Assigning someone or a team the responsibility to astutely play continuous defense is important.</p>

<p><strong>Note</strong>: Encrypting the passwords doesn't imply infallible security. Dictionary/password list/brute-force attacks work all the time to reveal weak passwords. A very common attack is to use SQL injection to dump the user table (with password hashes), then use a password cracker to discover legitimate user/password pairs.</p>
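The negative-quantity logic flaw quoted from OWASP above, as an added example that is not part of the original answer: a shopping-cart total that trusts the client-supplied quantity next to one that validates it first. The catalog, prices and the per-line limit `MAX_QUANTITY` are constructed for the demo, and the quantity check deliberately works on the raw request value (a string such as `"-1"` or `"1e3"`) so that every way of smuggling a non-positive or non-integer quantity is handled in one place rather than left to whoever parsed the form.

```python
"""Added example: the negative-quantity logic flaw and its input-validation fix.

cart_total_vulnerable() is the pattern a scanner will not flag: the SQL,
the templates and the arithmetic are all fine, it just never asks whether
a quantity makes business sense. cart_total_hardened() validates first."""
import re
from decimal import Decimal

# Constructed catalog (hypothetical SKUs and prices), not a real store.
CATALOG = {"widget": Decimal("19.99"), "gadget": Decimal("5.00")}
MAX_QUANTITY = 100  # assumed per-line business limit

# ASCII digits only: no sign, no decimal point, no exponent, no Unicode digits
# (str.isdigit() would accept "²" or Arabic-Indic digits, which is why a regex is used).
_QUANTITY_RE = re.compile(r"[0-9]+")


class InvalidQuantity(ValueError):
    """Raised for any quantity that is not a positive integer within the limit."""


def cart_total_vulnerable(items):
    """Sum line totals trusting the quantity as received.

    `items` is a list of (sku, quantity) as the request handler parsed it.
    A negative quantity yields a negative line total, i.e. a credit to the buyer."""
    total = Decimal("0")
    for sku, qty in items:
        total += CATALOG[sku] * qty
    return total


def validate_quantity(raw):
    """Return the quantity as an int, or raise InvalidQuantity.

    Accepts either an int or the raw string from the request so that "-1",
    "1.5", "1e3", " 3 " and booleans are all rejected by the same code path."""
    if isinstance(raw, bool):  # bool is a subclass of int; True would otherwise become 1
        raise InvalidQuantity("boolean is not a quantity")
    if isinstance(raw, int):
        qty = raw
    elif isinstance(raw, str) and _QUANTITY_RE.fullmatch(raw.strip()):
        qty = int(raw.strip())
    else:
        raise InvalidQuantity(f"not an integer: {raw!r}")
    if not 1 <= qty <= MAX_QUANTITY:
        raise InvalidQuantity(f"quantity out of range: {qty}")
    return qty


def quantity_is_valid(raw):
    """Convenience predicate around validate_quantity for callers that only need a yes/no."""
    try:
        validate_quantity(raw)
    except InvalidQuantity:
        return False
    return True


def cart_total_hardened(items):
    """Same arithmetic, but every quantity goes through validate_quantity and
    unknown SKUs are rejected up front instead of surfacing as a KeyError."""
    total = Decimal("0")
    for sku, raw_qty in items:
        if sku not in CATALOG:
            raise ValueError(f"unknown sku: {sku!r}")
        total += CATALOG[sku] * validate_quantity(raw_qty)
    return total


if __name__ == "__main__":
    attack = [("widget", 1), ("gadget", -50)]  # attacker edits the quantity field
    print("vulnerable total:", cart_total_vulnerable(attack))  # negative: a refund
    try:
        cart_total_hardened(attack)
    except InvalidQuantity as err:
        print("hardened rejected:", err)
```

The point of validating at the boundary is that the check does not depend on the arithmetic, the database or the payment gateway noticing anything odd; by the time the number reaches them it is already a positive integer within a limit the business chose.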
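The attack chain in the closing note, as an added example that is not part of the original answer: a login lookup built by string concatenation lets a SQL injection payload dump every row of the user table, a dictionary attack then recovers the weak password offline, and the two controls that break the chain are a parameterized query and a slow, salted password hash. The user names, passwords, payload and wordlist are constructed for the demo; `sqlite3`, `hashlib.scrypt` and `hmac.compare_digest` are standard-library calls, and the scrypt work factor is an assumed value chosen to keep the demo fast.

```python
"""Added example: SQL injection -> table dump -> offline dictionary attack,
and the controls on each side (parameterized query, salted scrypt hash)."""
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for the demo; production values should be tuned to the
# hardware so that one hash costs tens to hundreds of milliseconds.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' using a random per-user salt and scrypt."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def make_db():
    """In-memory users table with constructed accounts: one strong, one weak password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    for user, pw in [("alice", "correct horse battery staple"), ("bob", "password123")]:
        db.execute("INSERT INTO users VALUES (?, ?)", (user, hash_password(pw)))
    return db


def lookup_vulnerable(db, username):
    """Classic injectable pattern: the user-controlled value is spliced into the SQL text."""
    sql = "SELECT username, password_hash FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    """Same query with a bound parameter: the value can never change the statement."""
    return db.execute(
        "SELECT username, password_hash FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed payload: closes the string literal, makes the predicate always true,
# and comments out the trailing quote the application appends.
DUMP_PAYLOAD = "x' OR 1=1 --"

# Constructed wordlist standing in for a real password list.
WORDLIST = ["123456", "password", "password123", "letmein"]


def crack(dumped_rows, wordlist):
    """Offline dictionary attack over dumped (username, hash) rows; returns {user: password}.

    Each guess costs one full scrypt computation, which is exactly what a slow
    hash buys the defender: a weak password still falls, a strong one does not."""
    found = {}
    for user, stored in dumped_rows:
        for guess in wordlist:
            if verify_password(guess, stored):
                found[user] = guess
                break
    return found


if __name__ == "__main__":
    db = make_db()
    dump = lookup_vulnerable(db, DUMP_PAYLOAD)
    print("vulnerable lookup returned", len(dump), "rows for the payload")
    print("parameterized lookup returned", len(lookup_parameterized(db, DUMP_PAYLOAD)), "rows")
    print("cracked from the dump:", crack(dump, WORDLIST))
```

Note where each control acts: parameterization stops the dump from happening at all, while the salted slow hash limits what an attacker learns if a dump happens anyway (bob's weak password is still recovered, alice's is not, and no two users with the same password share a hash).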