Join Kevin Skoglund for an in-depth discussion in this video Labeling variables, part of Foundations of Programming: Web Security.
…Once we sanitize our data, we need to keep track of it.…And more importantly, before we've sanitized it, we…want it clearly labeled as being potentially dangerous.…We can use variable names as labels to help us to keep track.…The idea is to simply use variable names…in order to identify the condition of the data.…The variable name will include a term like dirty, raw,…tainted, or unsafe for anything that has not yet been sanitized.…And after we sanitize it, we'll give it a new…variable name, which might include clean, filtered, sanitized, or safe.…
I'm sure you can think of others as well.…Let me show you an example. I'll do this one using PHP.…Let's say that we're getting in something from a form that's…an email address, so it comes in as a post request.…When we assign that to an internal variable,…we can assign it to something called raw_email.…The fact that it has raw in front of it,…lets us know that it has not yet been sanitized.…After we sanitize it, then we can assign it to a new…variable name called safe_email, and that'll…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.