Web Security: Introduction
Web security is essential to protect data, users and applications. Understanding common vulnerabilities is the first step to defend against them.
Common Vulnerabilities (OWASP Top 10)
1. SQL Injection
php
// ❌ WRONG
$query = "SELECT * FROM users WHERE id = $_GET['id']";
// ✅ CORRECT (prepared statements)
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
$stmt->execute(['id' => $id]);2. XSS (Cross-Site Scripting)
javascript
// ❌ WRONG
element.innerHTML = userInput;
// ✅ CORRECT
element.textContent = userInput;3. CSRF (Cross-Site Request Forgery)
Use CSRF tokens to protect forms:
html
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['token']; ?>">Security Best Practices
- Always validate input - Never trust user data
- Use HTTPS - Encrypt communications
- Update dependencies - Keep software and libraries up to date
- Password hashing - Use
password_hash()in PHP - Configured CORS - Limit allowed origins
Useful Tools
- Burp Suite - Security testing
- OWASP ZAP - Vulnerability scanner
- Nmap - Network scanning
- SQLMap - SQL injection testing
Conclusion
Security is not optional. Every developer must know common vulnerabilities and implement appropriate defenses.