Security Training Day 3
My study notes of security training (day 3), including insecure direct references, broken access control, improper input validation, and software best practices.
Security Training Day 2
My study notes of security training (day 2), including some ways of SQL injection, Cross-site scripting (XSS), and XML External Entity (XXE).
Security Training Day 1
My study notes of security training (Day 1), including web thread landscape (Java in particular), security tools, and some Juice shop training answers.
Intercept HTTP traffic using ZA Proxy
Today, I'd talk about how to install and configure ZA proxy for intercepting HTTP requests and responses in localhost in macOS.
How to Use Safe HTML in GWT
Today, I would like to share with you about how to secure your GWT application
by using package com.google.gwt.safehtml. After reading this post, you’ll
understand how to:
- Secure HTML using
SafeHtml - Secure URI using
SafeUri - Secure CSS using
SafeStyles
Web App Security - Review 1
My review note about book "Web Application Security: A Beginner's Guide", written by Bryan Sullivan and Vincent Liu.