Articles

You are going to encounter a number of issues as a Python developer. Mastering the syntax of coding isn’t enough to write functioning, stable applications. You also have to familiarize yourself with different challenges the final application might deal with, including Python security risks.

Many of the discussions about developing secure applications focus on using machine learning to protect customers, such as helping them avoid holiday scams. However, it is equally important to ensure the applications themselves are not vulnerable to cybercriminals.

Source de l’article sur DZONE

SQL (Structured Query Language) is a powerful and widely-used language for managing and manipulating data stored in relational databases. However, it’s important to be aware of common mistakes that can lead to bugs, security vulnerabilities, and poor performance in your SQL code. In this article, we’ll explore some of the most common mistakes made when writing SQL code and how to avoid them.

1. Not Properly Sanitizing User Input

One common mistake made when writing SQL code is not properly sanitizing user input. This can lead to security vulnerabilities such as SQL injection attacks, where malicious users can inject harmful code into your database.

Source de l’article sur DZONE


Article Image

Chatbots Are Here To Stay

Chatbots have been around for a long time and based on the global chatbot market size (and the expected growth), they will stick around for a long time and gain importance. In the past, they’ve rarely met customer expectations or provided much positive experience. However, over the last few years, advances in conversational AI have transformed how they can be used. Since chatbots offer a wide range of applications, in certain cases, they become responsible for collecting and protecting personal information as well. 
Consequently, they are a great attraction for hackers and malicious attacks too. The responsibility of ensuring chatbot security has become more evident after the introduction of GDPR in Europe. As statistics show that this technology will be a determining factor in our lives, security testing must also become part of our daily tasks, so that these chatbots can be used with confidence.

Security Risks, Threats, and Vulnerabilities                 

The words risk, threat, and vulnerability are often confused or used interchangeably when reading about computer security, so let’s first clarify the terminology:

  • Vulnerability refers to a weakness in your software (or hardware, or in your processes, or anything related). In other words, it’s a way hackers could find their way into and exploit your systems.
  • A threat exploits a vulnerability and can cause loss, damage, or destruction of an asset – threats exploit vulnerabilities.                
  • Risk refers to the potential for lost, damaged, or destroyed assets – threats + vulnerability = risk! 
The well-known OWASP Top 10 is a list of top security risks for a web application. Most chatbots out there are available over a public web frontend, and as such, all the OWASP security risks apply to those chatbots as well. Out of these risks, there are two especially important to defend against, as in contrast to the other risks, those two are nearly always a serious threat — XSS (Cross-Site Scripting) and SQL Injection.
In addition, for artificial intelligence-enabled chatbots, there is an increased risk for Denial of Service attacks, due to the higher amount of computing resources involved.

Vulnerability 1: XSS – Cross-Site Scripting

A typical implementation of a chatbot user interface:           

           

  • There is a chat window with an input box.
  • Everything the user enters in the input box is mirrored in the chat window.
  • Chatbot response is shown in the chat window.

The XSS vulnerability is in the second step — when entering text including malicious Javascript code, the XSS attack is fulfilled when the web browser is running the injected code:

 <script>alert(document.cookie)</script>              

Possible Attack Vector

For exploiting an XSS vulnerability the attacker has to trick the victim to send malicious input text. It can be done through one of the following ways:


Introduction to Ruby-on-Rails

A popular development environment, Ruby on Rails features a simple syntax. The environment is accommodating by nature, allowing teams of varying sizes to work in complete harmony. Developers find it fairly easy to learn, and thus, it is one of the most popular development technology available today.

Security Issues With Ruby on Rails

Thanks to Apple, the web development framework saw an overnight upsurge in its popularity. However, in  2012, security breaches invited massive criticism from its patrons.

Source de l’article sur DZONE