Security Guide

Lance Pollard edited this page Sep 25, 2012 · 3 revisions

CSRF (Cross-Site Request Forgery)

SQL Injection

Todo: SQL Injection Cheat-sheet

Mass Assignment

XSS Attacks (Cross-Site Scripting)


  • SSL
  • Password Salts
  • API Key generation
  • Session Key/Secret

Cryptographic Hashes

Used for data integrity.

SHA-2 Hash (Secure Hash Algorithm)

@todo: Pseudocode + LaTeX math demonstrating how this algorithm works.

MD5 Hash

A cryptographic hash function that produces a 128-bit (16-byte) hash value, typically expressed as a 32-digit hexadecimal number.

A few flaws have been found with this hash.