Web application security fundamentals

These pages cover the core concepts behind the gritty details of how web applications work and common ways that web applications are compromised. For information on how to actually protect against attacks, see Web Application Checklists and Web Application Best Practices.

Security for web applications can feel like an endless pit of distraction: you can always learn more and there are always new attacks. However, learning the core basics of how cookies and javascript work will help you naturally write more secure code and also make you a better web developer.

• Abusing Cookies: The surprisingly true tale of how cookies really work and all the ways in which they can be abused by attackers.
• Abusing Filesystems
• Abusing Input: Don't. Trust. The. User. Ever. That is pretty much it.
• Abusing URLs