himkwan01 / Codepath_Globitek_CMS

CodePath Web Security 2017

Project Feedback! #1

Open codepathreview opened 7 years ago

codepathreview commented 7 years ago

Hello Tsz Him,

👍 Nice work! In order to learn web security, we have to learn the basics of web development. Because web development isn't the goal of this course, everyone will receive the same UI score, so you can focus on the security aspects of the course.

We're using PHP because Facebook is sponsoring this course, but it's also the easiest framework to demonstrate some of these security issues. PHP without a framework is very similar to Sinatra (Ruby) or Flask (Python), which are two very popular barebones web frameworks. Modern PHP with a framework is very similar to Rails and Django. All of the tasks in the weekly projects are very similar and applicable to what you would need to do in Ruby or Python.

The purpose of this assignment was to explore the following concepts:

To evaluate your understanding this week, you should try to answer the following questions:

If you have any particular questions about the assignment or the feedback, email us at universitysupport@codepath.com.

codepathreview commented 7 years ago

Hello Tsz Him,

👍 Nice work! Now that we've been exploring XSS and SQL injection attacks, hopefully you have more appreciation for the other side of things, which is sanitizing input and output to defend against these attacks. Even though these attacks have existed in the web for many years, it's still incredibly easy to introduce these vulnerabilities, even when using all the latest web frameworks.

Check out recently reported XSS vulnerabilities here. As you can see, there have been over two dozen found just in the first few months of 2017 in major brands such as WordPress, Adobe, Cisco, and Steam.

If you have any particular questions about the assignment or the feedback, email us at universitysupport@codepath.com.
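The defensive side the comment above points at (sanitizing input and escaping output) in PHP, shown as an added example that is not part of the Globitek CMS project or the reviewer's comments. It puts a string-built query next to a prepared statement and raw output next to escaped output, using an in-memory SQLite database through PDO so it runs offline with the php CLI; the table, rows and probe inputs are constructed for the demonstration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example (not project code): SQL injection and XSS defenses in plain PHP.
// Assumes the pdo_sqlite extension; the data below is constructed for the demo.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)");
$db->exec("INSERT INTO users (username, email) VALUES
           ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// --- SQL injection: vulnerable lookup (kept only to show the defect) ---
function find_user_vulnerable(PDO $db, string $username): array {
    // User input is concatenated straight into the query text, so the input
    // can change the meaning of the WHERE clause.
    $sql = "SELECT id, username, email FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- SQL injection: hardened lookup with a prepared statement ---
function find_user_safe(PDO $db, string $username): array {
    // The query text is fixed; the value travels separately as a bound parameter
    // and is only ever compared as data.
    $stmt = $db->prepare("SELECT id, username, email FROM users WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- XSS: escape on output, for the HTML context the value is written into ---
function h(string $value): string {
    // ENT_QUOTES escapes both quote styles, so the result is safe in attributes
    // as well as in element bodies; ENT_SUBSTITUTE avoids empty output on bad UTF-8.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed input that a naive query would treat as SQL rather than as a name.
$probe = "' OR '1'='1";
echo "Vulnerable rows: " . count(find_user_vulnerable($db, $probe)) . "\n"; // every user
echo "Safe rows:       " . count(find_user_safe($db, $probe)) . "\n";       // no such name

// Constructed input for the output side: stored as-is, escaped when rendered.
$name = '<script>alert(1)</script>';
echo "Unescaped: <p>" . $name . "</p>\n";     // browser would execute the script
echo "Escaped:   <p>" . h($name) . "</p>\n";  // browser shows it as literal text
```

The two halves are independent fixes: a prepared statement does nothing for XSS, and `htmlspecialchars()` does nothing for SQL, which is why the comment talks about both input and output. Escaping belongs at the point of output, in the context (HTML body, attribute, JavaScript, URL) the value lands in, rather than once on the way into the database.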