Software Security
README

Welcome

Welcome to the Software Security gitbook. This book should help you keep an overview of the course and provide you with a written form of the course contents. I will be copying information from Wikipedia, MDN, and the OWASP websites. Their licenses are as follows:

  • MDN: licensed under CC-BY-SA 2.5

  • OWASP: FLOSS license

  • Wikipedia: licensed under CC-BY-SA 3

These sources allow copying information as long as the source is attributed; the CC-BY-SA licenses additionally require that derived material is shared under a compatible license.

Pages that do not contain a source attribution are my own and are released under CC-BY-SA 4.0.

Never attempt to hack systems that are not your own (including the course server infrastructure) unless you have obtained written permission first. Unauthorized access to computer systems is prohibited by law.

Source attribution examples

Some parts of this page are based on [Cryptographic hash function](https://en.wikipedia.org/wiki/Cryptographic_hash_function) by Wikipedia, which is licensed under [CC-BY-SA 3](https://en.wikipedia.org/wiki/Wikipedia:Text_of_Creative_Commons_Attribution-ShareAlike_3.0_Unported_License).

Some parts of this page are based on [SQL](https://developer.mozilla.org/en-US/docs/Glossary/SQL) by Mozilla Contributors, which is licensed under [CC-BY-SA 2.5](http://creativecommons.org/licenses/by-sa/2.5/).

Some parts of this page are based on the [OWASP Authentication cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html), which is licensed under [FLOSS](https://owasp.org/about/).

Numbering convention

No spaces are used, no hyphens, no underscores, no capital letters.

  • Book groups/parts are folders whose names contain a three-digit number (e.g. 000)

  • Chapters are folders whose names contain a three-digit number (e.g. 000)

    • Chapters are introduced using a 000intro.md file in the chapter folder

    • Subchapters are files whose names contain a three-digit number
