Pattern 2: Separation of Data Processing and Data Representation

vPierre Sicherheit / Security, Software Development, WWW

The processing of data (reading, storing, changing, deleting) should always be done separately from representation logic (e.g., output in the web browser) as well as internal application logic. For this purpose, the so-called model-view-controller pattern (MVC) has become established in recent years. Applications that follow the MVC pattern consist of one or more …

Pattern 1: Prevent Injections, XSS and CSRF Vulnerabilities!

vPierre Sicherheit / Security, Software Development, WWW

Injection, XSS and CSRF vulnerabilities are the most common vulnerabilities in web applications and continue to be the most used gateway for cybercriminals. A successfully exploited vulnerability allows attackers to access and manipulate sensitive data from our customers, to access our web servers and databases, or even to permanently damage our …