* Security of Web Applications

** Literature

- [[http://unixwiz.net/techtips/sql-injection.html][SQL Injection Attacks by Example]]
- Christopher Kunz, Stefan Esser: PHP-Sicherheit: PHP/MySQL-Webanwendungen sicher programmieren. 3rd edition. dpunkt.verlag, Heidelberg 2008, ISBN 978-3898-6453-55.

** Shownotes

- [[https://de.wikipedia.org/wiki/Symmetrisches_Multiprozessorsystem][WP: Symmetric multiprocessor system (SMP)]]
- [[https://perf.wiki.kernel.org/index.php/Main_Page][perf]]
- [[http://datenkanal.org/index.php?/archives/18-Interview-mit-Kernelentwicklern.html][Interview with kernel developers]]
- [[https://www.owasp.org/index.php/Code_Injection][Code Injection]]
- [[https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS][ReDoS]]
- [[http://hauser-wenz.de/playground/papers/RegExInjection.pdf][RegExInjection (PDF file)]]
- [[https://de.wikipedia.org/wiki/HTTP][WP: HTTP]]
- [[https://de.wikipedia.org/wiki/SQL-Injection][WP: SQL injection]]
- [[http://www.unixwiz.net/techtips/sql-injection.html][SQL Injection Attacks by Example]]
- [[http://security.stackexchange.com/questions/25684/how-can-i-explain-sql-injection-without-technical-jargon][How can I explain SQL injection without technical jargon?]]
- [[https://www.owasp.org/index.php/SQL_Injection][OWASP: SQL Injection]]
- [[https://de.wikipedia.org/wiki/SQL][WP: SQL]]
- [[https://de.wikipedia.org/wiki/Apostroph][WP: Apostrophe]]
- [[http://www.codinghorror.com/blog/2012/04/speed-hashing.html][Speed Hashing]]
- [[http://hashcat.net/oclhashcat-plus/][Hashcat]]
- [[https://en.wikipedia.org/wiki/Crypt_(Unix)][WP: crypt]]
- [[http://www.cirt.net/nikto2][Nikto]]
- [[http://w3af.org/][w3af]]
- [[https://getfirebug.com/][Firebug]]
- [[http://heise.de/-875681][iX: Free database firewall protects PostgreSQL and MySQL]]
- [[https://modsecurity.org/][Apache ModSecurity]]
- [[https://www.owasp.org/index.php/Web_Application_Firewall][OWASP: Web Application Firewall (WAF)]]
- [[https://de.wikipedia.org/wiki/Prepared_Statement][WP: Prepared Statements]]
- [[http://php.net/manual/de/mysqli.quickstart.prepared-statements.php][PHP.net: Prepared Statements]]
- [[https://de.wikipedia.org/wiki/Gespeicherte_Prozedur][WP: Stored Procedure]]
- [[https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet][OWASP: SQL Injection Prevention Cheat Sheet]]
- [[https://blog.engineyard.com/2011/sql-server-10xs-faster-with-rails-3-1][SQL Server 10xs Faster with Rails 3.1]]
- [[https://de.wikipedia.org/wiki/Firesheep][WP: Firesheep]]
- [[http://codebutler.github.io/firesheep/][Firesheep]]
- [[https://www.eff.org/https-everywhere][HTTPS Everywhere]]
- [[https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security][WP: HTTP Strict Transport Security]]
- [[https://tools.ietf.org/html/rfc6797][RFC 6797 (HTTP Strict Transport Security)]]
- [[https://tools.ietf.org/html/rfc2817][RFC 2817 (Upgrading to TLS Within HTTP/1.1)]]
- [[https://www.owasp.org/index.php/Blind_SQL_Injection][OWASP: Blind SQL Injection]]
- [[http://technet.microsoft.com/en-us/library/cc512676.aspx][Time-Based Blind SQL Injection with Heavy Queries]]
- [[http://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/][NeoInvoice Blind SQL Injection (CVE-2012-3477)]]
- [[http://www.cryptography.com/timingattack/paper.html][Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems]]
- [[http://www.keyczar.org/][Keyczar]]
- [[https://de.wikipedia.org/wiki/Seitenkanalattacke][WP: Side-channel attack]]
- [[http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf][Hot or Not: Revealing Hidden Services by their Clock Skew (PDF)]]
- [[https://de.wikipedia.org/wiki/Cross-Site-Scripting][WP: Cross-site scripting]]
- [[https://www.owasp.org/index.php/XSS][OWASP: XSS]]
- [[http://noscript.net/][NoScript.net]]
- [[http://kubieziel.de/blog/archives/1370-Schadcode-bei-ilse-aigner.de.html][Malicious code on ilse-aigner.de?]]
- [[http://heise.de/-1833910][Heise: Darkleech infects Apache servers en masse]]

** Chapter

[00:00:00] Start
[00:11:49] Introduction, addendum on GCC
[00:15:35] Electrolife by Trancendam
[01:34:18] SQL Injections
[01:39:44] Aren't you clever by Trancendam