Alexander Pirker

101 Typical Security Pitfalls

A number like 257 silently becomes 1, breaking your cryptography and leaking secrets. Discover the subtle dangers of implicit type casting.

101 Typical Security Pitfalls
#1about 3 minutes

Defining the context of application security

Security is not absolute and must be evaluated based on the application type, environment, data sensitivity, and performance constraints.

#2about 2 minutes

Understanding the impact of major vulnerabilities

Recent widespread vulnerabilities like Log4Shell and Spring4Shell demonstrate the critical need for proactive security in software development.

#3about 3 minutes

Preventing XSS by sanitizing on the backend

Client-side input sanitization is easily bypassed, so all user-provided data must be sanitized on the backend to prevent XSS attacks.

#4about 4 minutes

Preventing remote code execution from poor input validation

Failing to validate input parameters against an allowlist can lead to command injection, allowing an attacker to open a reverse shell.

#5about 4 minutes

Preventing denial of service attacks from service crashes

Supplying malformed data, like a public key of the wrong length, can trigger a panic in a library and cause a denial-of-service attack.

#6about 4 minutes

How data type downcasting can break cryptography

Implicitly downcasting a larger integer to a smaller type like a byte can lead to information leakage by causing index collisions.

#7about 4 minutes

Preventing information leakage from out-of-bounds memory reads

Failing to validate the length parameter in a memory copy operation can lead to an out-of-bounds read, leaking sensitive stack memory.

#8about 3 minutes

Four key principles for writing secure code

Developers should prioritize input data sanitation, careful data type selection, proper memory management, and graceful error handling.

#9about 1 minute

Q&A on common pitfalls and sanitization tools

The most common security pitfall is XSS from frontend bypasses, and DOMPurify is a recommended tool for HTML sanitization.

Related jobs
Jobs that call for the skills explored in this talk.

Job ad Dark

SabIna compys

SabIna compys
Vienna, Austria

Remote
20-100K
Intermediate
JavaScript
.NET
+1

Matching moments

Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Common security failures beyond individual coding errors
03:27 MIN

Common security failures beyond individual coding errors

Maturity assessment for technicians or how I learned to love OWASP SAMM

Five common cybersecurity mistakes developers make
05:37 MIN

Five common cybersecurity mistakes developers make

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Exploring specific web vulnerabilities and filtering issues
03:17 MIN

Exploring specific web vulnerabilities and filtering issues

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

Common web application threats like injection and DoS
02:52 MIN

Common web application threats like injection and DoS

Security in modern Web Applications - OWASP to the rescue!

Key takeaways on IDE and developer tool security
02:28 MIN

Key takeaways on IDE and developer tool security

You click, you lose: a practical look at VSCode's security

Key takeaways on prompt injection security
02:13 MIN

Key takeaways on prompt injection security

Manipulating The Machine: Prompt Injections And Counter Measures

Avoiding common pitfalls like CORS and security risks
03:10 MIN

Avoiding common pitfalls like CORS and security risks

Front-End Micro Apps

Featured Partners

Related Videos

See all videos
Security Pitfalls for Software Engineers27:32

Security Pitfalls for Software Engineers

Jasmin Azemović

Programming secure C#/.NET Applications: Dos & Don'ts33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

Software Security 101: Secure Coding Basics1:58:48

Software Security 101: Secure Coding Basics

Thomas Konrad

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Cross Site Scripting is yesterday's news, isn't it?30:54

Cross Site Scripting is yesterday's news, isn't it?

Martina Kraus

You click, you lose: a practical look at VSCode's security29:47

You click, you lose: a practical look at VSCode's security

Thomas Chauchefoin & Paul Gerste

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes28:01

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Tino Sokic

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks27:10

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks

Sonya Moisset

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
All the videos of Halfstack London 2024!
Last month was Halfstack London, a conference about the web, JavaScript and half a dozen other things. We were there to deliver a talk, but also to record all the sessions and we're happy to share them with you. It took a bit as we had to wait for th...
All the videos of Halfstack London 2024!
CH
Chris Heilmann
Dev Digest 129 - Now that's what I call private data!
News and ArticlesAfter declaring Google a monopoly there are now considerations to force it to break up - isn't that what the whole Alphabet thing was about? In the last act of Crowdstrike coverage here, they released a deep analysis of the outage th...
Dev Digest 129 - Now that's what I call private data!
CH
Chris Heilmann
Dev Digest 110 - XY marks the spotty security
This time we give you a collection of links about the XZ backdoor, solve the last CODE100 puzzle, announce the next round of it, let you play with colours and explain why Lava lamps are great to keep the web secure.News and ArticlesThe big piece of n...
Dev Digest 110 - XY marks the spotty security

From learning to earning

Jobs that call for the skills explored in this talk.

Frontend Developer

Frontend Developer

JO Media Software Solutions GmBh
Brunn am Gebirge, Austria

Senior
CSS
Angular
JavaScript
TypeScript