Web Dev Matters and Me

Web Development Matters - HTML, XML, C#, .NET, AJAX/Javascript(jQuery), CSS, XML-XSLT

ME - LIFE,Philippines, Tokyo, ECE, PhilNITS/JITSE,情報処理, 日本語

things about Philippines, gaming, C# development and web development, how to make money in stock trading

Web Dev Matters and Me

Current cravings for development

Lately, I'm doing a series of RnD. These involves facebook integration, few optimization in IIS 6/7.x and some UI considerations, thanks to HTML5, CSS3 , javascript and some SVG things as well.

For the FB integration, it was really simple in concept, quite intimidating at first. FB uses OAuth as a mean of authentication. This means developers doesn't have to store private informations (like user password), they just require an access token, something that grants them specific permission given by users of their appliction. This token can do lots of things on behalf of the user.

No one can stop facebook from growing now. I think everyone is already hooked with facebook, so developing something inline with FB's graph API is a good choice, IMO.


After few handshake process, a token must be stored and can be re-used. post to friends's wall, like something, etc.

Top 10 Web Application Security Risks

What makes Web Application different from Windows apps or other client apps is that it is accessible remotely and all users can access the same application anywhere. This also eliminates the need to have all users install software upgrades, the developer can update the version on the server. However, web applications are prone to security issues like

1: Injection

- Can be done by simply adding input to invalidate SQL query and add their own potentially dangerous query.
- Can be prevented by filtering the user inputs and have the methods accept specific types of data (parameter based query commands).


2: Cross-Site Scripting (XSS)
- Same with injection. If the inputs available to user are filtered,

3: Broken Authentication and Session Management

4: Insecure Direct Object References

5: Cross-Site Request Forgery (CSRF)

6: Security Misconfiguration
- configs

7: Insecure Cryptographic Storage

8: Failure to Restrict URL Access
- disable directory browsing

9: Insufficient Transport Layer Protection
- SSL

10: Unvalidated Redirects and Forwards


Source: OWASP (http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

FB Connect