Unix is an incredibly well-designed operating system. After all, it cannot be a coincidence that not only Linux distros but Mac OS X also runs on it. Unix comes with excellent security features, customizable file permissions are one of them. Unix file permissions allow you to define who can read, write, and execute each file on your system. If you have a WordPress site or use a Linux server with another type of site you will find this tutorial useful. Web hosts usually allow users to change Unix file...
Web applications remain the largest security risk for any company. The reason is two-fold. First, most software services have moved to a web based environment giving malicious hackers a much larger landscape to attack. Second, most organizations put a majority of their resources, i.e. dollars and manpower, into network and perimeter security leaving the web unguarded. In most cases, it is up to the web developer to secure sites as best they can. Those who know how to patch known vulnerabilities in...
At this point, only those living under a rock for the past couple of months are unaware that Google has taken on JavaScript with its latest project, the Dart programming language. Dart, originally named Dash, was started to “fix” the problems of JavaScript’s “fundamental flaws that cannot be fixed merely by evolving the language” by meeting the following goals: Create a structured yet flexible language for web programming. Make Dart feel familiar and natural to programmers and thus easy...
Alice created a new social network for snowboarders to promote her company’s new line of boards. Now, a member of the social network can read reviews from other satisfied customers and click a link that brings them right to a shopping cart feature so they can make an easy purchase. Happy with the way things look, and with the thought of all the potential sales, her boss gives her the OK for the site to go live. Mallory visits the network and creates a review of her own. Noticing that she can enter a client-side...
Cross Site Forgery, or cross site request forgery (CSRF), is a web based attack where a malicious web site, instant message, email, or program causes the victim’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. For example, let's say I am logged into my bank account, or cookie information is stored from a recent login, and I click on a malicious link. As a result, the link causes me to transfer money from my account (which I am logged into) to the...
I recall a project I worked on a few years ago where I was tasked with overseeing the security of a website we were building. When I sat down with the chief programmer I wanted to discuss three types of vulnerabilities with him: cross-site scripting, SQL injection and information leakage. His response was simply, “I don’t know anything about this stuff and I don’t care. That’s your job.” While other web developers I have worked with aren’t generally so curt in their response, I have noticed...