Security

Security Training Day 3

My study notes from security training (day 3), including insecure direct references, broken access control, improper input validation, and software best practices.

Security Training Day 2

My study notes from security training (day 2), including some forms of SQL injection, cross-site scripting (XSS), and XML External Entity (XXE).

Security Training Day 1

My study notes from security training (day 1), including the web threat landscape (Java in particular), security tools, and some Juice Shop training answers.

Intercept HTTP traffic using ZA Proxy

Today, I'll talk about how to install and configure ZA Proxy for intercepting HTTP requests and responses on localhost in macOS.

How to Use Safe HTML in GWT

Today, I would like to share with you how to secure your GWT application by using the package com.google.gwt.safehtml. After reading this post, you'll understand how to:

  • Secure HTML using SafeHtml
  • Secure URI using SafeUri
  • Secure CSS using SafeStyles

Web App Security - Review 1

My review note on the book "Web Application Security: A Beginner's Guide", written by Bryan Sullivan and Vincent Liu.