Overview
Syllabus
Intro
SQL Injection Attack - Example
SQL Injection Attack - Solution
Parameterization References
Anatomy of an XSS Attack
Context Matters!
XSS Defense by Data Type and Context
HTML Body Context
HTML Attribute Context
HTTP GET Parameter Context
URL Context
JavaScript Variable Context
JSON Parsing Context
DOM-Based XSS Defense
Encoding Libraries
Encode Data Tools
Regular Expressions
Validating File Uploads
Input Validation References
Input Validation Tools
CWE "Monster Mitigations"
Conclusion: Ask Two Questions
Apache Shiro Architecture
Code to the Activity with Shiro
Access Control in the Browser
Access Controls References
Access Controls Tools
The Basic Hash is Dead
Password Guidance 3a
Password Guidance 3b
Password Policy
Universal 2nd Factor (U2F) Protocol