There was a time when Netscape and Internet Explorer were the only browsers a web developer had to worry about. But in those days, a website primarily consisted of some text, a few images and some hyperlinks. Remember, tables were still all the rage back then. Nowadays a user may have a few different browsers to choose from, multiple computers running different screen resolutions, a tablet device and a smartphone. And websites, they are a bit more complex than the good old static days. So to meet the needs...
Cross Site Forgery, or cross site request forgery (CSRF), is a web based attack where a malicious web site, instant message, email, or program causes the victim’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. For example, let's say I am logged into my bank account, or cookie information is stored from a recent login, and I click on a malicious link. As a result, the link causes me to transfer money from my account (which I am logged into) to the...
I recall a project I worked on a few years ago where I was tasked with overseeing the security of a website we were building. When I sat down with the chief programmer I wanted to discuss three types of vulnerabilities with him: cross-site scripting, SQL injection and information leakage. His response was simply, “I don’t know anything about this stuff and I don’t care. That’s your job.” While other web developers I have worked with aren’t generally so curt in their response, I have noticed...
There are times when we are so anxious to jump into creating something new that we forget to cover the basics. For web developers it is important, actually vital, to have the ability to test your projects locally before they go live. While much of the web relies on a Linux, Apache, MySQL, PHP stack, or LAMP, to power applications and dynamic websites, not everyone codes in a Linux environment. Those who prefer Windows can still replicate how their code will work by using WAMP to replicate a live web environment...