SQL Injection and XSS
Securing web applications is critically important, because web vulnerabilities often provide the initial attack vector for gaining access to a target network. It is therefore essential to follow good programming practices (e.g., using prepared statements for database queries) when implementing web applications. This lesson provides an overview of two security vulnerabilities that are often present in web applications – SQL injection and cross-site scripting (XSS). It also covers their mitigation and other techniques that provide defense in depth.
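The following added example (written for this lesson page, not taken from the OWASP tutorials it links to) contrasts a string-concatenated query with a prepared statement, and shows output escaping as the corresponding XSS mitigation. It uses Python's built-in sqlite3 module with a constructed in-memory table; the table and its rows are assumptions for the demonstration.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data for the demonstration (not from the lesson).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable pattern: untrusted input is pasted into the SQL text, so the
    # input can alter the structure of the query rather than just its data.
    sql = ("SELECT username FROM users WHERE username = '" + username + "' "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Prepared statement: the query text is fixed and the value is bound as a
    # parameter, so it is only ever compared as data.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def render_greeting(username: str) -> str:
    # XSS mitigation: HTML-escape untrusted text before embedding it in a page,
    # so browser-significant characters are rendered literally.
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    # A classic test string demonstrating why concatenation is unsafe: the
    # concatenated query matches every row, the prepared statement matches none.
    probe = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, probe))   # ['alice', 'bob']
    print("safe:  ", lookup_safe(db, probe))     # []
    print(render_greeting("<script>alert(1)</script>"))
```

The same principle applies to any database driver: keep the SQL text constant and pass values through the driver's parameter mechanism rather than building the statement from strings.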
Learning Objectives
- Describe the following vulnerabilities:
  - SQL injection
  - Cross-site scripting (XSS)
- Identify techniques to prevent SQL injection and XSS
How to Complete this Lesson
- Watch Introduction to Information Assurance (IA) (15 minutes)
  - Note: This video is from 605.731 Survey of Cloud Computing Security, a course that I developed for Johns Hopkins University
- Sign the acknowledgement regarding offensive cyber techniques (5 minutes)
- Watch SQL Injection from the OWASP Appsec Tutorial Series (10 minutes)
- Complete the SQL injection exercise (5–10 minutes)
- Watch Cross Site Scripting (XSS) from the OWASP Appsec Tutorial Series (10 minutes)
- Complete the XSS exercise (5–10 minutes)
- Reply to one of your classmates’ posts in the discussion forum (30 minutes)
- Continue work on the project website (90 minutes)
  - Complete the implementation of the initial web page
  - Start implementing additional pages
Due
As a reminder, the following is due this lesson: