Cyber 3 Unit 3 Review Game

Using parameterized statements in your code.

Moving your database to a separate server.

Frequently rotating your database passwords.

Using HTTPS in your website.

Deface your website.

Redirect other users to malicious sites.

Hijack other users' sessions.

Drop important tables in your database.

Escape dynamic content when it is written out in HTML.

Ask the user to disable JavaScript in their browser.

Obfuscate your JavaScript.

Whitelist permitted values for dynamic fields.

Set up a fake website that looks like your site on a copycat domain.

Summoning evil spirits and placing a curse on your database.

Installing malicious code and making your server part of a botnet.

<script>

<iframe>

<center>

<blink>

Validating that a request is generated by a page that is connected to the same website.

Validating a password.

Validating a credit card number the user has entered.

Keep static documents on a separate file system from your executable code.

Making users change their password frequently.

Storing documents in a content management system.

Hiring private security guards to grimace at anyone approaching your servers.

It restricts the harm an attacker could do if they manage to find a way to access the disk through a server vulnerability.

It saves on disk space.

It forces your users to choose complex, less guessable passwords.

Search pages

Pages containing forms

Static pages

Error pages

Untrusted input passed directly to the html(...) function may allow an attacker to inject malicious code in a page.

The user's password may be 'html'.

There is no html(...) function in JQuery.