Stian Fredrikstad
8 posts
Secure and Merry Christmas
Secure your local network
Christmas is coming soon, and you might find shiny new gadgets under your Christmas tree. It is important to install these new gadgets securely.
Scanning Vulnerable Dependencies
When creating a web application, it is almost impossible to create it without relying on third party dependencies. But how do you know that the dependencies you use are secure?
Insecure Direct Object Reference
When creating a web application, or a web site with more than one page, you will need to reference different resources. If you create a blog, you need to create unique paths to all the blog posts, like we are doing in this Christmas calendar. You see that the URL is https://security.christmas/2018/20, where 2018 is a reference to the year, and 20 to the day of December. It is a fairly simple system, and you may have tried to skip ahead, but been met by a page saying you have to wait a bit longer?
Cross Site Scripting (XSS)
In the beginning, web pages were very static. They were written in HTML, and the web browser had one job: to render the HTML to a page filled with text, images and links. After a few years, developers wanted more, and JavaScript was introduced. Together with JavaScript came a new breed of vulnerabilities, where attackers could exploit the possibility to run code in browsers. This was called Cross Site Scripting, or XSS.
Injections
Did you know that an attacker could inject code into your application, which could retrieve data or do something else that you did not anticipate?
Cross Site Request Forgery
Have you ever wondered how someone could steal money from your bank account while you browse certain sites, or post as you on Facebook? That is called Cross Site Request Forgery (CSRF), and we will try to explain what it is, and how you protect your website and users against it.
Celebrate a more secure Christmas this year
This year we will prepare you for the Christmas celebration, by giving you small presents of knowledge every day, which will teach you about the world of security.