security

ankurjuneja · May 21, 2021 · fd0eb3a · fd0eb3a
1 parent 91d4394
commit fd0eb3a
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@
   - [Stack](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/DataStructures/Stack.md)
   - [Multithreading](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Java/Multithreading.md)
 - Web
+  - [Security](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Web-Issues-And-Monitoring/ApplicationSecurity.md)
   - [Common Issues](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Web-Issues-And-Monitoring/Common.md)
   - [Concepts](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Web-Issues-And-Monitoring/Concepts.md)
 
diff --git a/Web-Issues-And-Monitoring/ApplicationSecurity.md b/Web-Issues-And-Monitoring/ApplicationSecurity.md
@@ -0,0 +1,10 @@
+**SQL injection**
+- what? insertion/injection of a sql query via the input data from the client/UI to the application/backend.
+- harm - attacker can read/modify sensitive data in database, execute administration operations on db.
+- how to prevent? use of prepared statements, use of stored procedures, allow-list input validation and 
+  escaping all user-supplied input.
+
+**XSS**
+- what?
+    - type of injection attack in which attacker uses a web application to send malicious code to a different user.
+    - attacker uses XSS to send malicious script to an unsuspected user.