Basic Housekeeping - Plugging Obvious Security Holes In Web Sites - Paris Web2009
Basic housekeeping
Plugging obvious security holes in web sites.
Christian Heilmann, Paris Web, Paris, October 2009
A few things to remember about basic web security.
A bit of pimping...
Managing the security of your web applications (Room 1)
Presented by: Sébastien Pauchet (WS Interactive),
Frank Taillandier (Académie de Toulouse)
a.k.a. Dirty Tricks with @DirtyF
The most annoying thing is that the dangers on the web are underestimated.
Reasons for attacks:
Spam injection.
Identity theft.
Data mining.
Botnet / Zombies / DOS
A lot of clever terms are used in security.
SQL injection, XSS, CSRF, ClickJacking, Phishing
In the end, a lot is about keeping your web products clean.
This very much starts on the server side.
Think about your folders.
Telling the world too much.
You don’t want the admin folders of your app to be indexed by Google or other search engines.
Your system might tell more about your site than you are aware of.
Error messages are only needed while the site is in production (that is, being developed) - on live servers they can tell more than you want them to.
Keep your server setup secure.
http://yoursite.com/index.php?admin=true
http://phpsec.org/projects/phpsecinfo/
Basic server measures:
Turn off folder browsing.
Stop bot indexing (robots.txt).
Secure your setup.
Turn off error messaging.
Disallow remote file inclusion.
Delete old and orphan files.
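
A check for the PHP-level items in the list above, as an added example (it is not from the talk and is not phpsecinfo's code). The function names and the choice of directives are assumptions made for this sketch; the directives themselves are standard php.ini settings.

```php
<?php
// Added illustration: flag php.ini values that work against the
// "basic server measures" (error messaging, remote file inclusion, setup).

/** Normalise an ini value ("1", "On", "off", "", false) to a boolean. */
function ini_flag_enabled($raw): bool
{
    if ($raw === false || $raw === null) {
        return false; // directive unknown to this PHP build, so not active
    }
    $v = strtolower(trim((string) $raw));
    return !in_array($v, ['', '0', 'off', 'false', 'no'], true);
}

/**
 * @param array $settings directive => raw value, e.g. collected with ini_get()
 * @return array human-readable findings (empty means nothing was flagged)
 */
function audit_php_settings(array $settings): array
{
    // directive => what it exposes when enabled on a live server
    $shouldBeOff = [
        'display_errors'    => 'error messages are shown to visitors',
        'allow_url_include' => 'include/require may load remote files',
        'register_globals'  => 'request parameters become global variables (removed in PHP 5.4)',
        'expose_php'        => 'the PHP version is advertised in response headers',
    ];
    $findings = [];
    foreach ($shouldBeOff as $directive => $risk) {
        if (ini_flag_enabled($settings[$directive] ?? false)) {
            $findings[] = "$directive is on: $risk";
        }
    }
    // Hiding errors from visitors should not mean losing them altogether.
    if (!ini_flag_enabled($settings['log_errors'] ?? false)) {
        $findings[] = 'log_errors is off: errors are not written to the server log';
    }
    return $findings;
}

// Constructed sample: values as they might look on a development machine.
$sample = [
    'display_errors' => '1', 'allow_url_include' => 'On',
    'register_globals' => false, 'expose_php' => 'Off', 'log_errors' => '1',
];
foreach (audit_php_settings($sample) as $line) {
    echo "sample: $line\n";
}

// The same check against the PHP build that runs this script.
$live = [];
foreach (['display_errors', 'allow_url_include', 'register_globals', 'expose_php', 'log_errors'] as $d) {
    $live[$d] = ini_get($d);
}
foreach (audit_php_settings($live) as $line) {
    echo "live: $line\n";
}
```

Folder browsing and robots.txt are web server settings rather than PHP ones, so they are outside what this script can see.
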
The next danger is blindly relying on software.
Predefined backdoors and passwords.
admin/admin
admin/password
default/default
user/user
preset/preset
builtin/builtin
Plugins
Basic software measures:
Change every password.
Check for presets.
RTFM.
Keep Plugins up-to-date.
Check for security holes.
Don’t trust “easy setup”.
Upgrade.
Front end security issues.
This is not hard.
Don’t trust any user data.
HTML is not a database.
JavaScript is not a secure data container.
Do not rely on JavaScript.
Frontend is public.
If you comment, comment on the backend, do not “comment out” functionality.
Frontend is insecure.
Anything in the frontend is executed and can be used to steal all your cookies.
(frames, images, scripts, links...)
http://us2.php.net/manual/en/book.filter.php
Filtering
Whitelisting
Clickjacking.
Basic frontend measures:
Break frames.
Filter inputs.
Whitelist inputs.
Avoid hacks (expression()).
Avoid URL assembling.
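
Filtering, whitelisting and building URLs from validated values only, shown with PHP's filter extension as an added example that is not part of the original slides. The field names (page, sort, q), the allowed sort values and the /list.php path are assumptions made for this sketch.

```php
<?php
// Added illustration: filter and whitelist request data, then build a link
// from the cleaned values instead of assembling it from raw input.

const ALLOWED_SORT = ['date', 'title', 'author'];   // whitelist we control

/**
 * @param array $input raw request data, e.g. $_GET
 * @return array [clean values, names of rejected fields]
 */
function clean_listing_request(array $input): array
{
    $clean = [];
    $rejected = [];

    // Filtering: must be an integer in a sane range, otherwise false.
    $page = filter_var($input['page'] ?? '1', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 500]]);
    if ($page === false) {
        $rejected[] = 'page';
    } else {
        $clean['page'] = $page;
    }

    // Whitelisting: only values we listed ourselves are accepted.
    $sort = $input['sort'] ?? 'date';
    if (is_string($sort) && in_array($sort, ALLOWED_SORT, true)) {
        $clean['sort'] = $sort;
    } else {
        $rejected[] = 'sort';
    }

    // Free text cannot be whitelisted: bound its length, escape it on output.
    $q = $input['q'] ?? '';
    if (is_string($q) && strlen($q) <= 100) {
        $clean['q'] = $q;
    } else {
        $rejected[] = 'q';
    }
    return [$clean, $rejected];
}

/** Build the next-page link from validated values only. */
function next_page_link(array $clean): string
{
    $params = ['page' => $clean['page'] + 1, 'sort' => $clean['sort'], 'q' => $clean['q']];
    $url = '/list.php?' . http_build_query($params);   // URL-encodes each value
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Next</a>';
}

// Constructed sample requests.
$requests = [
    ['page' => '2', 'sort' => 'title', 'q' => 'paris web'],
    ['page' => '2; DROP TABLE users', 'sort' => 'title', 'q' => 'x'],
    ['page' => '3', 'sort' => 'password', 'q' => 'x'],
    ['page' => '4', 'sort' => 'date', 'q' => '<b>"hi"</b> & more'],
];
foreach ($requests as $r) {
    [$clean, $rejected] = clean_listing_request($r);
    if ($rejected) {
        echo 'rejected fields: ' . implode(', ', $rejected) . "\n";
    } else {
        echo next_page_link($clean) . "\n";
    }
}
```
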
Our users
Social engineering.
SocEng basics:
Show authority.
Create a fake sense of urgency.
Take over responsibility.
Conditioning helps. :-(
I approve of this!
Social networks
Step 1: Log in yourself
Step 2: Get list of followers
Step 3: Set the trap
http://twitter.com/statuses/user_timeline/codepo8.xml?count=200
Step 4: Lure his followers
None of this!
Predictability
Basic people measures:
Don’t allow for auto log-in.
Share security responsibility with the users.
Avoid stressful interfaces.
Be very open about your communication.
Bot attacks.
http://caca.zoy.org/wiki/PWNtcha
Captchas to the rescue?
Bot attack measures.
Honeypotting.
Timed interfaces.
Cookie check / Crumbing.
Spike detection.
OpenID / third party logins.
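
Three of these measures (honeypot field, timed interface, crumb) applied to a single form post, as an added example that is not from the talk. It reads "crumb" as a per-session token embedded in the form; the field names, the secret and the time limits are assumptions made for this sketch.

```php
<?php
// Added illustration: server-side checks on a form post before it is accepted.

const CRUMB_SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_FILL_SECONDS = 3;      // people rarely submit a form faster than this
const MAX_FORM_AGE = 3600;       // a crumb is valid for one hour

/** Crumb: render time plus an HMAC over session id and render time. */
function make_crumb(string $sessionId, int $renderedAt): string
{
    $mac = hash_hmac('sha256', $sessionId . '|' . $renderedAt, CRUMB_SECRET);
    return $renderedAt . ':' . $mac;
}

/** @return string 'ok', or the reason the post was treated as automated */
function check_form_post(array $post, string $sessionId, int $now): string
{
    // Honeypot: a field hidden from people with CSS; only bots fill it in.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot field filled';
    }
    // Crumb: must be one we issued for this session, unmodified.
    $crumb = $post['crumb'] ?? '';
    if (!is_string($crumb)) {
        return 'crumb missing or malformed';
    }
    $parts = explode(':', $crumb, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'crumb missing or malformed';
    }
    $renderedAt = (int) $parts[0];
    if (!hash_equals(make_crumb($sessionId, $renderedAt), $crumb)) {
        return 'crumb does not match session';
    }
    // Timed interface: too fast looks scripted, too old looks replayed.
    $age = $now - $renderedAt;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too quickly';
    }
    if ($age > MAX_FORM_AGE) {
        return 'form expired';
    }
    return 'ok';
}

// Constructed sample: form rendered at t=1000 for session "sess-abc".
$crumb = make_crumb('sess-abc', 1000);
$cases = [
    'human'         => [['website' => '', 'crumb' => $crumb], 'sess-abc', 1020],
    'honeypot bot'  => [['website' => 'http://spam.example', 'crumb' => $crumb], 'sess-abc', 1020],
    'instant post'  => [['website' => '', 'crumb' => $crumb], 'sess-abc', 1001],
    'other session' => [['website' => '', 'crumb' => $crumb], 'sess-xyz', 1020],
    'no crumb'      => [['website' => ''], 'sess-abc', 1020],
];
foreach ($cases as $name => [$post, $sid, $now]) {
    echo str_pad($name, 15) . check_form_post($post, $sid, $now) . "\n";
}
```
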
Nothing beats being up‐to‐date!
None of this!
I approve of this!
You learn a lot from logs.
No strength in numbers.
Check your posts.
And query terms.
Some not‐so sci‐fi ideas...
Guest passes.
OAuth
OpenID
Caja/ADsafe
Caja limits and secures web standards.
★ Custom attributes
★ Custom tags
★ Unclosed tags
★ <embed>
★ <iframe>
★ <link rel=‘…
★ javascript:void(0)
★ Radio buttons in IE
★ Relative URLs
Caja vs. “HTML”
★ eval()
★ new Function()
★ Strings as event handlers (node.onclick = '...';)
★ Names ending with double / triple underscores
★ with function (with (obj) { ... })
★ Implicit global variables (specify var variable)
★ Calling a method as a function
★ document.write
★ window.event
★ .onclick
★ OpenSocial gadgets.io.makeRequest return JS
Caja vs “JavaScript”
★ * hacks
★ _ hacks
★ IE conditionals
★ Insert-after clear fix
★ expression()
★ @import
★ Background images in IE
Caja vs “CSS”
Throwaway logins.
New challenges.
Social Network attacks
The mobile web.
Camera access.
Location based services.
Biometric recognition.
Right now things are not safe.
But you can help make the web safer.
Keep it clean, keep it up‐to‐date and be alert.
Christian Heilmann
http://wait-till-i.com
http://developer-evangelism.com
http://twitter.com/codepo8
THANK YOU!