Top 10 web security vulnerabilities

Published 2008-05-02 at https://www.wiredprairie.us/blog/index.php/archives/174

Check out the 2007 top 10 security vulnerabilities for web applications presentation linked here (available as a PowerPoint presentation).

The top 10 are:

1. Cross-site scripting (XSS)
2. Injection flaws
3. Insecure remote file include
4. Insecure direct object reference
5. Cross-site request forgery (CSRF)
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

If you’re a web developer, do you know what each of these means and whether your code is vulnerable? If not, you need to know.