What is Cross-Site Request Forgery (CSRF)?

Following the previous “you should know” introductions about SQL injection and XSS injection, here is a short introduction to CSRF. I’ll quickly define it with a few examples, then provide solutions to avoid it. CSRF (or XSRF) is an exploit where a malicious application transmits unsolicited requests to another web application in the name of […]

Is my router affected by the Heartbleed Bug?

A few days ago, a catastrophic security vulnerability in OpenSSL dubbed the “heartbleed bug” was disclosed by a Google employee. I will not go into the details since this article offers a fantastic explanation, but let’s just say it’s quite a big deal, and a lot of applications are affected. Most sites have already started […]

What is XSS injection?

XSS injection (XSS stands for Cross-Site Scripting) works a bit like SQL injection: improperly sanitized user-submitted data is used to alter the application’s functionality. Instead of altering SQL queries, XSS injection alters HTML and JavaScript. For example, a hacker could leave the following comment on a vulnerable site: <script>alert('Your site was hacked!');</script> When the site […]

What is SQL injection?

SQL injection allows a hacker to inject malicious SQL statements by exploiting improperly sanitized queries. It is by far one of the most common attack vectors, and was used in several famous exploits. For example, let’s say we use user-submitted form data to check a user’s credentials: sqlQuery = " SELECT * FROM users WHERE […]

How to edit commits and erase mistakes from git history

Although I always take the right measures to keep my database passwords to myself, I’ll sometimes accidentally push a settings file with a little bit too much information and only notice a few commits later. Fortunately, I always notice before other people start pulling my work from the public repo. In this tutorial, I will […]