Protection against session fixation attacks

In this article I will discuss how to prevent session fixation attacks.

If you do not have a clear understanding of session fixation attacks, first read the Wikipedia page on session fixation at the following link: http://en.wikipedia.org/wiki/Session_fixation


Implementing Secure File Upload

This post is about building a set of defensive layers around the file upload process. File upload is a very critical process that is often exploited by attackers. The consequences of a successful file upload exploit could be complete disclosure of the target application's source code or malware infection of the server.

There are two ways to store an uploaded file: in the file system or in a database. Here I will discuss the pros and cons of both approaches and also demonstrate how to implement secure file upload in PHP.
