From 91882aaded8160dbf80344d745e4cc32be0a17cc Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Thu, 18 Aug 2022 13:49:21 +1200 Subject: [PATCH] vault backup: 2022-08-18 13:49:21 --- content/notes/8-application-security-1.md | 8 +++++++- content/notes/comp-210.md | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/content/notes/8-application-security-1.md b/content/notes/8-application-security-1.md index 4fd1fb6aa..754800a20 100644 --- a/content/notes/8-application-security-1.md +++ b/content/notes/8-application-security-1.md @@ -4,6 +4,9 @@ aliases: tags: - comp210 - lecture +sr-due: 2022-08-21 +sr-interval: 3 +sr-ease: 250 --- application development security @@ -149,4 +152,7 @@ Ideally the compiler or runtime should be able to detect these and throw an erro ## command injection -## cross site scripting \ No newline at end of file +## cross site scripting +second order attack - inject redirect as data will be displayed on other users webpages +- session id is as good as username and passoword + diff --git a/content/notes/comp-210.md b/content/notes/comp-210.md index e25598c0a..a251be99e 100644 --- a/content/notes/comp-210.md +++ b/content/notes/comp-210.md @@ -31,4 +31,5 @@ No final exam - [04-authentication-authorisation-passwords](notes/04-authentication-authorisation-passwords.md) - [05-cryptography](notes/05-cryptography.md) - [06-hashing-binary-public-key-cryptography](notes/06-hashing-binary-public-key-cryptography.md) -- [07-cryptography-applications](notes/07-cryptography-applications.md) \ No newline at end of file +- [07-cryptography-applications](notes/07-cryptography-applications.md) +- [8-application-security-1](notes/8-application-security-1.md) \ No newline at end of file