A 4-post collection

Injections, where code meets data

Injections are still one, if not the most serious, flaws a developer can make. This post deconstructs the vulnerability and puts it back together to offer you a solid understanding to build on. After reading it, you will never think of innjections the same way.

Introducing the Labs

Optimal learning happens when theory meets practice. The Securitydrops Labs is designed to give you a training ground to practice your hands-on skills. It gives you a highly configurable web application, where you can play around in a sandbox.

360 view of XSS from the trenches

When a software developer first gets exposed to web security, he will inevitably memorize his first acronym: XSS! It stands for “cross site scripting”, and it is one of the oldest vulnerabilities around. Its origins are way back in the 90’s when Javascript was the new kid on the block. XSS (back then it was CSS) was its evil little brother, and it still thrives on its sibling’s success. One may wonder “Why is it called cross site scripting?

Thinking like an attacker

The best defense is a good offense! See things from your enemy’s point of view! It takes a thief to catch a thief! All great advice, however, it is a bit hard to utilize them without knowing the context in which they apply. The goal of this post is to provide that context. Who are the attackers? What are their goals? Where are they? That’s what we will cover! Who is the attacker?