Join Kevin Skoglund for an in-depth discussion in this video Regular expression flaws, part of Foundations of Programming: Web Security.
- In this movie, we'll talk about why regular expressions…are a major security concern.…There's a great quote by Jamie Zawinski that says,…"Some people, when confronted with a problem,…"think 'I know, I'll use regular expressions.'…"Now they have two problems."…This has become a very popular and famous quote…because everyone who's worked with regular expressions…before can relate to it.…They can be difficult to get just right…and because of that, we have to view regular expressions…with extreme suspicion in our application.…You should treat all of them as security weak points.…
Why are regular expressions suspect?…Well, because regular expressions use simple symbols…to represent complex ideas but there are nuances…to some of those ideas that aren't obvious…by just looking at the symbol.…The more complicated your expression is, the weaker it is.…But it doesn't have to be complicated in order to be flawed.…Let me show you three very common mistakes…to illustrate this point.…First, let's imagine that I want to make sure that…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.