{"id":29060,"date":"2018-12-10T11:51:26","date_gmt":"2018-12-10T09:51:26","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=29060"},"modified":"2018-12-10T11:51:33","modified_gmt":"2018-12-10T09:51:33","slug":"advanced-web-security-topics","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/","title":{"rendered":"Advanced web security topics"},"content":{"rendered":"<!-- google_ad_section_start -->\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"300\" data-attachment-id=\"29061\" data-permalink=\"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/mime-types\/\" data-orig-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/mime-types.png?fit=400%2C300&amp;ssl=1\" data-orig-size=\"400,300\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"mime-types\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/mime-types.png?fit=400%2C300&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/mime-types.png?resize=400%2C300&#038;ssl=1\" alt=\"\" class=\"wp-image-29061\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">&#8220;<a href=\"https:\/\/blog.georgovassilis.com\/2016\/04\/16\/advanced-web-security-topics\/\">Advanced web security topics<\/a>&#8221; blog post goes over a variety of ways that a web application can 
get p0wned.\u00a0 Some of these include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cross-site scripting (XSS)<\/li><li>MIME-type attacks<\/li><li>A variety of injections &#8211; SQL, JavaScript, HTTP<\/li><li>URL indexing<\/li><li>Click-jacking<\/li><li>&#8230; and more.<\/li><\/ul>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;Advanced web security topics&#8221; blog post goes over a variety of ways that a web application can get p0wned.\u00a0 Some of these include: Cross-site scripting (XSS) MIME-type attacks A variety of injections &#8211; SQL, JavaScript, HTTP URL indexing Click-jacking &#8230; and more.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Advanced web security topics #WebDev #security #HTTP 
#SQL","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,18,133,62,1334],"tags":[3225,200,1330],"keyring_services":[],"class_list":["post-29060","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-sysadmin","category-technology","category-web-work","tag-http","tag-security","tag-web-development"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"&quot;Advanced web security topics&quot; blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... and more.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Leonid Mamchenkov\"\/>\n\t<meta name=\"google-site-verification\" content=\"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Leonid Mamchenkov - Life, universe, and everything else\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Advanced web security topics - Leonid Mamchenkov\" \/>\n\t\t<meta property=\"og:description\" content=\"&quot;Advanced web security topics&quot; blog post goes over a variety of ways that a web application can get p0wned. 
Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... and more.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2018-12-10T09:51:26+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2018-12-10T09:51:33+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MamchenkovBlog\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Advanced web security topics - Leonid Mamchenkov\" \/>\n\t\t<meta name=\"twitter:description\" content=\"&quot;Advanced web security topics&quot; blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... 
and more.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#blogposting\",\"name\":\"Advanced web security topics - Leonid Mamchenkov\",\"headline\":\"Advanced web security topics\",\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/mamchenkov.net\\\/wordpress\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/mime-types.png?fit=400%2C300&ssl=1\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#articleImage\",\"width\":400,\"height\":300},\"datePublished\":\"2018-12-10T11:51:26+02:00\",\"dateModified\":\"2018-12-10T11:51:33+02:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#webpage\"},\"articleSection\":\"All, Programming, Sysadmin, Technology, Web work, HTTP, security, web 
development\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"position\":3,\"name\":\"Programming\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#listItem\",\"name\":\"Advanced web security topics\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#listItem\",\"position\":4,\"name\":\"Advanced web security 
topics\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#webpage\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/\",\"name\":\"Advanced web security topics - Leonid Mamchenkov\",\"description\":\"\\\"Advanced web security topics\\\" blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... 
and more.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/12\\\/10\\\/advanced-web-security-topics\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"datePublished\":\"2018-12-10T11:51:26+02:00\",\"dateModified\":\"2018-12-10T11:51:33+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/\",\"name\":\"Blog of Leonid Mamchenkov\",\"description\":\"Life, universe, and everything else\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Advanced web security topics - Leonid Mamchenkov","description":"\"Advanced web security topics\" blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... 
and more.","canonical_url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#blogposting","name":"Advanced web security topics - Leonid Mamchenkov","headline":"Advanced web security topics","author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"},"image":{"@type":"ImageObject","url":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/mime-types.png?fit=400%2C300&ssl=1","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#articleImage","width":400,"height":300},"datePublished":"2018-12-10T11:51:26+02:00","dateModified":"2018-12-10T11:51:33+02:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#webpage"},"isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#webpage"},"articleSection":"All, Programming, Sysadmin, Technology, Web work, HTTP, security, web 
development"},{"@type":"BreadcrumbList","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/mamchenkov.net\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","position":3,"name":"Programming","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#listItem","name":"Advanced web security topics"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#listItem","position":4,"name":"Advanced web security topics","previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"}}]},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/#person","name":"Leonid 
Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author","url":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"WebPage","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#webpage","url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/","name":"Advanced web security topics - Leonid Mamchenkov","description":"\"Advanced web security topics\" blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... 
and more.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/#breadcrumblist"},"author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"creator":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"datePublished":"2018-12-10T11:51:26+02:00","dateModified":"2018-12-10T11:51:33+02:00"},{"@type":"WebSite","@id":"https:\/\/mamchenkov.net\/wordpress\/#website","url":"https:\/\/mamchenkov.net\/wordpress\/","name":"Blog of Leonid Mamchenkov","description":"Life, universe, and everything else","inLanguage":"en-US","publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"}}]},"og:locale":"en_US","og:site_name":"Leonid Mamchenkov - Life, universe, and everything else","og:type":"article","og:title":"Advanced web security topics - Leonid Mamchenkov","og:description":"&quot;Advanced web security topics&quot; blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... 
and more.","og:url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/","og:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:secure_url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:width":1024,"og:image:height":1024,"article:published_time":"2018-12-10T09:51:26+00:00","article:modified_time":"2018-12-10T09:51:33+00:00","article:publisher":"https:\/\/www.facebook.com\/MamchenkovBlog","twitter:card":"summary_large_image","twitter:site":"@mamchenkov","twitter:title":"Advanced web security topics - Leonid Mamchenkov","twitter:description":"&quot;Advanced web security topics&quot; blog post goes over a variety of ways that a web application can get p0wned. Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... and more.","twitter:creator":"@mamchenkov","twitter:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg"},"aioseo_meta_data":{"post_id":"29060","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[
],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-20 05:36:02","updated":"2026-01-15 13:55:45","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/\" title=\"Programming\">Programming<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tAdvanced web security topics\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/mamchenkov.net\/wordpress"},{"label":"Technology","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/"},{"label":"Programming","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/"},{"label":"Advanced web security 
topics","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":29250,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/01\/23\/why-does-apt-not-use-https\/","url_meta":{"origin":29060,"position":0},"title":"Why does APT not use HTTPS?","author":"Leonid Mamchenkov","date":"January 23, 2019","format":false,"excerpt":"In the ever changing world of technology, people often rush to get the latest. Hype for new features, improved performance and security is everywhere, and anybody rarely stops to think about things in depth. Use the best tool for the job, they say. And the latest is always the best.\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":34995,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/18\/build-load-balanced-servers-in-aws-ec2-using-cloudformation\/","url_meta":{"origin":29060,"position":1},"title":"Build load-balanced servers in AWS EC2 using CloudFormation","author":"Leonid Mamchenkov","date":"February 18, 2019","format":false,"excerpt":"\"Build load-balanced servers in AWS EC2 using CloudFormation\" is an excellent guide on deploying load balancer servers with EC2 instances to Amazon AWS cloud with CloudFormation infrastructure management tool. The guide covers a variety of topics from the actual deployment to security and monitoring. 
There are many different approaches for\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":29111,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/19\/beyond-passwords-2fa-u2f-and-google-advanced-protection\/","url_meta":{"origin":29060,"position":2},"title":"Beyond Passwords: 2FA, U2F and Google Advanced Protection","author":"Leonid Mamchenkov","date":"December 19, 2018","format":false,"excerpt":"\"Beyond Passwords: 2FA, U2F and Google Advanced Protection\" is a rather lengthy, but insightful article on the subject of 2-factor authentication, multi-factor authentication, and other related options.\u00a0 It nicely explains which option is which and how it works, as well as clears a lot of confusion between these terms. 
The\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":36383,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","url_meta":{"origin":29060,"position":3},"title":"Intro to basic web application security","author":"Leonid Mamchenkov","date":"February 27, 2019","format":false,"excerpt":"\"Intro to basic web application security\" is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! 
no\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":22703,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/10\/22\/amazon-aws-advent-calendar\/","url_meta":{"origin":29060,"position":4},"title":"Amazon AWS Advent Calendar","author":"Leonid Mamchenkov","date":"October 22, 2014","format":"link","excerpt":"Amazon AWS Advent Calendar - this Tumblr blog covers a variety of Amazon AWS related topics in a nice and short series of posts. 
\u00a0It's a bit dated - from the end of 2012 - but most of it still applies.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28282,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/12\/18\/the-2018-guide-to-building-secure-php-software\/","url_meta":{"origin":29060,"position":5},"title":"The 2018 Guide to Building Secure PHP Software","author":"Leonid Mamchenkov","date":"December 18, 2017","format":false,"excerpt":"\"The 2018 Guide to Building Secure PHP Software\" is an excellent guide to writing modern PHP applications with security in mind.\u00a0 It covers a bunch of the usual topics, but provides fresher solutions than most other similar guides.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/12\/php-security-2018-500x204.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/29060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=29060"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/29060\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=29060"}],"wp:term":[{"taxonomy":"category","embeddable":t
rue,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=29060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=29060"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=29060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}