Web Security: A Journey - UC San Diego
1. net-square UCSD July '15
Web Security: A Journey
Saumil Shah
CEO Net Square
UC San Diego – 23 July 2015
2. net-square UCSD July '15
Saumil Shah
@therealsaumil saumilshah
hacker speaker trainer entrepreneur traveler photographer
calligrapher kite-flyer software breaker rebel global
net-square.com
3. net-square UCSD July '15
WE ARE HACKERS
WE PUSH THE ENVELOPE
WE THRIVE ON FACTS AND LOGIC..
..AND LATERAL THINKING
WE QUESTION AND CHALLENGE AND WORK ON LIMITED RESOURCES
7. net-square UCSD July '15
Client/Server vs. Web Apps
Client/Server | Web Apps
Application Protocol | HTTP
Authentication | Authentication
Concurrent Sessions | Concurrent Sessions
Data Representation | Data Representation
Data Validation | Data Validation
Business Logic | Business Logic
Presentation | Presentation
8. net-square UCSD July '15
Application Delivery
HTTP
Authentication
Statefulness
Data Types
Data Validation
CGI
HTML
JS
AJAX
Flash
HTML5
Silverlight
Web sockets
Web workers
Local storage
19. net-square UCSD July '15
x=hello&x=world
Web Server | Value of x
Apache | "world"
IBM HTTP Server | "hello"
Domino | "world"
IIS | "hello, world"
Tomcat | "hello"
Python/Zope | Array ['hello', 'world']
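The table above as an added Python example (not part of the original slides): it resolves a repeated parameter the way each listed server does and flags query strings where two components could disagree. The strategy labels and function names are assumptions made for this sketch, and the sample query strings are constructed.

```python
from urllib.parse import parse_qsl

# How each server on the slide resolves a repeated parameter name.
# The strategy labels ("first", "last", "join", "list") are made up here.
SLIDE_BEHAVIOUR = {
    "Apache": "last",
    "IBM HTTP Server": "first",
    "Domino": "last",
    "IIS": "join",
    "Tomcat": "first",
    "Python/Zope": "list",
}

def values_for(query, name):
    """All values for `name`, in request order, after percent-decoding."""
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == name]

def resolve(query, name, strategy):
    """Value of `name` as a component using `strategy` would see it."""
    vals = values_for(query, name)
    if not vals:
        return None
    if strategy == "first":
        return vals[0]
    if strategy == "last":
        return vals[-1]
    if strategy == "join":
        return ", ".join(vals)  # separator as printed on the slide
    if strategy == "list":
        return vals
    raise ValueError(f"unknown strategy: {strategy}")

def per_server_view(query, name):
    """Map each server from the slide to the value it hands the application."""
    return {srv: resolve(query, name, s) for srv, s in SLIDE_BEHAVIOUR.items()}

def repeated_params(query):
    """Names occurring more than once: the requests on which a filter and
    the application behind it can end up validating different values."""
    seen = {}
    for k, v in parse_qsl(query, keep_blank_values=True):
        seen.setdefault(k, []).append(v)
    return {k: vs for k, vs in seen.items() if len(vs) > 1}
```

Because names are compared after percent-decoding, repeated_params("id=1&page=2&%69d=9") reports id as repeated even though the raw strings differ.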
20. net-square UCSD July '15
Sources of Software Errors
User Input
Race Condition
Environment
Resource Exhaustion