To understand how Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols works, you must first understand certain basic concepts. The primary mechanism used by SSL/TLS is asymmetric encryption with cipher suites. These and related terms are explained below. Encryption Encryption is the process…
Author Archives Agathoklis Prodromou
THE AUTHOR
Agathoklis Prodromou
Web Systems Administrator/Developer
Web Systems Administrator/Developer
TLS Security 6: Examples of TLS Vulnerabilities and Attacks
The Secure Sockets Layer (SSL) and the Transport Layer Security (TLS) cryptographic protocols have had their share of flaws like every other technology. The following are major vulnerabilities in TLS/SSL protocols. They all affect older versions of the protocol (TLSv1.2 and older). At the time…
TLS Security 2: A Brief History of SSL/TLS
The Secure Sockets Layer (SSL) protocol was first introduced by Netscape in 1994. The Internet was growing and there was a need for transport security for web browsers and for various TCP protocols. Version 1.0 of SSL was never released because it had serious security…
Exploiting SQL Injection: a Hands-on Example
In this series, we will be showing step-by-step examples of common attacks. We will start off with a basic SQL Injection attack directed at a web application and leading to privilege escalation to OS root. SQL Injection is one of the most dangerous vulnerabilities a…
PHP Security Part 5: Top Tips
This final part in the series on PHP security concludes with tips for building a web application/system with security in mind. There are certain things which if done during the development cycle of a web application, will dramatically help reduce the risk of being exposed…
PHP Security Part 4: Input Validation and PHP Configuration
Validation Validation is the process in which data is checked against specific criteria/specification. It is being used to check if the information given by a user is in the expected/correct format before it is processed. Validation is very important as if used correctly, it allows…
PHP Security Part 3: XSS and Password Storage
When developing a web application, it is extremely important to have security in mind and be aware of the different risks. If one does not know the risks and the mechanics behind each vulnerability, there is no way to protect against it. In Parts 1…
PHP Security Part 2: Directory Traversal & Code Injection
Most web vulnerabilities are a result of bad coding habits or lack of PHP security awareness by developers. The source of probably all of them relies in the fact that user input, which plays a critical role in the security of a web application, is…
PHP Security: The Big Picture
Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. No matter what programming language you use…