Web security
Introduction to web security
Web applications are built on top of HTTP, which is a stateless protocol that has only weak authe...
Cross Site Scripting (XSS)
Cross site scripting is a vulnerability by means of which client-side code can be injected in a p...
SQL injection
SQL injection is a web security vulnerability that allows an attacker to interfere with the queri...
Cookies and sessions
HTTP is stateless and almost unidirectional. Web applications, on the other hand, need to keep a st...
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an at...
Other vulnerabilities
Freudian slips (information leaks) Detailed error messages Display user-supplied data in errors...
Exercises on web security
2021-2022 Demo exam exercise 4 (6 points) LetsComplain is a new website for students and profs. S...