From fd0eb3a899a9cda90c8cc33f1306b94c8ef73bc8 Mon Sep 17 00:00:00 2001 From: ankurjuneja Date: Fri, 21 May 2021 13:22:53 -0700 Subject: [PATCH] security --- README.md | 1 + Web-Issues-And-Monitoring/ApplicationSecurity.md | 10 ++++++++++ 2 files changed, 11 insertions(+) mode change 100644 => 100755 README.md create mode 100644 Web-Issues-And-Monitoring/ApplicationSecurity.md diff --git a/README.md b/README.md old mode 100644 new mode 100755 index 069604b..716d72a --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ - [Stack](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/DataStructures/Stack.md) - [Multithreading](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Java/Multithreading.md) - Web + - [Security](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Web-Issues-And-Monitoring/ApplicationSecurity.md) - [Common Issues](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Web-Issues-And-Monitoring/Common.md) - [Concepts](https://github.com/ankurjuneja/React-Java-Concepts/blob/master/Web-Issues-And-Monitoring/Concepts.md) diff --git a/Web-Issues-And-Monitoring/ApplicationSecurity.md b/Web-Issues-And-Monitoring/ApplicationSecurity.md new file mode 100644 index 0000000..8b8aead --- /dev/null +++ b/Web-Issues-And-Monitoring/ApplicationSecurity.md @@ -0,0 +1,10 @@ +**SQL injection** +- what? insertion/injection of a sql query via the input data from the client/UI to the application/backend. +- harm - attacker can read/modify sensitive data in database, execute administration operations on db. +- how to prevent? use of prepared statements, use of stored procedures, allow-list input validation and + escaping all user-supplied input. + +**XSS** +- what? + - type of injection attack in which attacker uses a web application to send malicious code to a different user. + - attacker uses XSS to send malicious script to an unsuspected user. \ No newline at end of file
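Review bot: the README.md hunk also flips the file mode from 100644 to 100755 ("old mode 100644 / new mode 100755"), which makes a Markdown file executable and is almost certainly an accidental side effect of the local checkout rather than part of the "security" change; please revert the mode bit so the hunk only adds the "- [Security](...)" entry under "- Web".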
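Review bot: in the new Web-Issues-And-Monitoring/ApplicationSecurity.md the XSS entry is left half-written: it has a "what?" bullet but none of the "harm" and "how to prevent?" bullets that the SQL injection entry establishes as the pattern, so the file ends mid-topic and without a trailing newline ("\ No newline at end of file"). Suggest either completing the XSS section in the same three-bullet shape (what / harm / how to prevent, e.g. output encoding and Content-Security-Policy) before merging, or trimming it to the SQL injection entry and landing XSS in a follow-up. Two smaller points in the same hunk: "unsuspected user" should read "unsuspecting user", and the SQL injection prevention bullet should qualify "use of stored procedures", since a stored procedure that concatenates its arguments into dynamic SQL is just as injectable; the safe variant is a procedure that binds its parameters, and "escaping all user-supplied input" is better presented as a last resort behind prepared statements rather than as an equal option.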