Cross Site Forgery, or cross site request forgery (CSRF), is a web based attack where a malicious web site, instant message, email, or program causes the victim’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. For example, let's say I am logged into my bank account, or cookie information is stored from a recent login, and I click on a malicious link. As a result, the link causes me to transfer money from my account (which I am logged into) to the...
With the introduction of a whole new market of mobile devices and tablets, there has never been more of a need for your website content to display across a variety of platforms properly. There is the old tried and true method of using multiple HTML landing pages that utilize JavaScript to redirect you to the appropriate page, then styling the content accordingly or you could make the entire process easier on yourself in the long run by exploring the possibility with CSS3 and media queries. This tutorial...
I recall a project I worked on a few years ago where I was tasked with overseeing the security of a website we were building. When I sat down with the chief programmer I wanted to discuss three types of vulnerabilities with him: cross-site scripting, SQL injection and information leakage. His response was simply, “I don’t know anything about this stuff and I don’t care. That’s your job.” While other web developers I have worked with aren’t generally so curt in their response, I have noticed...
JavaScript went on to become cult right after its launch due to its extensive list of features. It also gave programmers the chance to give their webpages a more eye-popping look and website visitors were happier than ever. Despite the large number of developers that sing the praises of JavaScript, there are those Internet users who see its dark side. Webpages using multiple JavaScript codes are slow to load and overuse of JavaScript contributes to making webpages look cluttered and ugly. In no time...
There are times when we are so anxious to jump into creating something new that we forget to cover the basics. For web developers it is important, actually vital, to have the ability to test your projects locally before they go live. While much of the web relies on a Linux, Apache, MySQL, PHP stack, or LAMP, to power applications and dynamic websites, not everyone codes in a Linux environment. Those who prefer Windows can still replicate how their code will work by using WAMP to replicate a live web environment...