■ Hardening your web server to stop the riff-raff
■ How to prevent all flavors of injection attacks
■ Securing the authentication process
■ Serious cheat sheets for XSS and CSRF prevention
■ Preventing SET-based attacks: user education is your only chance
While exploits and payloads garner the most attention from the hacking community, very few of you will get to play the role of the hacker without also having to consider how to fix the vulnerabilities.
Most professions that involve ethical hacking also require specifying and implementing mitigation strategies to help prevent the attacks in the future. Just as our approach targets the web server, the web application, and the web user, it also includes the ...