Web Application Security
Literature
- SQL Injection Attacks by Example
- Christopher Kunz, Stefan Esser: PHP-Sicherheit: PHP/MySQL-Webanwendungen sicher programmieren. 3rd edition. dpunkt.verlag, Heidelberg 2008, ISBN 978-3898-6453-55.
Show notes
- WP: Symmetric multiprocessing (SMP)
- perf
- Interview with kernel developers
- Code Injection
- ReDoS
- RegExInjection (PDF file)
- WP: HTTP
- WP: SQL-Injection
- SQL Injection Attacks by Example
- How can I explain SQL injection without technical jargon?
- OWASP: SQL Injection
- WP: SQL
- WP: Apostrophe
- Speed Hashing
- Hashcat
- WP: crypt
- Nikto
- w3af
- Firebug
- iX: Free database firewall protects PostgreSQL and MySQL
- Apache ModSecurity
- OWASP: Web Application Firewall (WAF)
- WP: Prepared Statements
- PHP.net: Prepared Statements
- WP: Stored Procedure
- OWASP: SQL Injection Prevention Cheat Sheet
- SQL Server 10xs Faster with Rails 3.1
- WP: Firesheep
- Firesheep
- HTTPS Everywhere
- WP: HTTP Strict Transport Security
- RFC 6797 (HTTP Strict Transport Security)
- RFC 2817 (Upgrading to TLS Within HTTP/1.1)
- OWASP: Blind SQL Injection
- Time-Based Blind SQL Injection with Heavy Queries
- NeoInvoice Blind SQL Injection (CVE-2012-3477)
- Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
- Keyczar
- WP: Side-channel attack
- Hot or Not: Revealing Hidden Services by their Clock Skew (PDF)
- WP: Cross-site scripting
- OWASP: XSS
- NoScript.net
- Malicious code at ilse-aigner.de?
- Heise: Darkleech infects Apache servers en masse
Chapters
- [00:00:00] Start
- [00:11:49] Introduction, addendum on GCC
- [00:15:35] Electrolife by Trancendam
- [01:34:18] SQL Injections
- [01:39:44] Aren't you clever by Trancendam