Peteris Krumins has pointed out a great lecture from Google TechTalks via his blog. This one, called "How Cyber Criminals Steal Money", is a fabulous overview of some common attack vectors.
From Krumins' blog, good coders code, great reuse:
This lecture is given by Neil Daswani, who has a Ph.D. from Stanford and currently works at Google as a security engineer. He is also an author of a book entitled "Foundations of Security: What Every Programmer Needs to Know", which teaches you state-of-the-art software security design principles, methodology, and concrete programming techniques you need to build secure software systems.
Neil talks about the top three web application vulnerabilities that cybercriminals use to steal money. These three vulnerabilities are:
- SQL Injection attacks,
- Cross-Site Request Forgery (XSRF) attacks,
- and Cross-Site Script Inclusion (XSSI) attacks.
I was surprised that he did not cover plain, old Cross-Site Scripting (XSS) attacks, but jumped right to dynamic XSS. You'll have to get familiar with this type of attack on your own. [From How Cybercriminals Steal Money - good coders code, great reuse]
And here is the video:
