{"id":36383,"date":"2019-02-27T13:43:24","date_gmt":"2019-02-27T11:43:24","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=36383"},"modified":"2019-02-27T13:43:32","modified_gmt":"2019-02-27T11:43:32","slug":"intro-to-basic-web-application-security","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","title":{"rendered":"Intro to basic web application security"},"content":{"rendered":"<!-- google_ad_section_start -->\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"660\" height=\"185\" data-attachment-id=\"36384\" data-permalink=\"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/security-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?fit=1000%2C280&amp;ssl=1\" data-orig-size=\"1000,280\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"security\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?fit=660%2C185&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=660%2C185&#038;ssl=1\" alt=\"\" class=\"wp-image-36384\" srcset=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?w=1000&amp;ssl=1 1000w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=500%2C140&amp;ssl=1 500w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=768%2C215&amp;ssl=1 768w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">&#8220;<a href=\"https:\/\/www.raeder.technology\/post\/intro-to-basic-web-application-security\">Intro to basic web application security<\/a>&#8221; is an excellent overview of the most common mistakes web developers make when it comes to security.  The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them.  The list includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>SQL injection (of course! no such guide would be complete without it)<\/li><li>Cross-site scripting (XSS)<\/li><li>Cross-site Request Forgery (CSRF\/XSRF)<\/li><li>Local file inclusion (LFI)<\/li><li>Insufficient password hashing<\/li><li>Man in the middle (MITM)<\/li><li>Command injection<\/li><li>XML external entity (XXE)<\/li><li>Sensitive data exposure (including error messages and exceptions)<\/li><li>Login rate limits<\/li><li>and a variety of other, small, but potentially dangerous issues.<\/li><\/ul>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;Intro to basic web application security&#8221; is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Intro to basic web application security<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Intro to basic web application security #WebDev #PHP #security","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,18,62,1334],"tags":[3069,38,200,1330],"keyring_services":[],"class_list":["post-36383","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-technology","category-web-work","tag-best-practices","tag-php","tag-security","tag-web-development"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"&quot;Intro to basic web application security&quot; is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Leonid Mamchenkov\"\/>\n\t<meta name=\"google-site-verification\" content=\"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Leonid Mamchenkov - Life, universe, and everything else\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Intro to basic web application security - Leonid Mamchenkov\" \/>\n\t\t<meta property=\"og:description\" content=\"&quot;Intro to basic web application security&quot; is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2019-02-27T11:43:24+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2019-02-27T11:43:32+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MamchenkovBlog\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Intro to basic web application security - Leonid Mamchenkov\" \/>\n\t\t<meta name=\"twitter:description\" content=\"&quot;Intro to basic web application security&quot; is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#blogposting\",\"name\":\"Intro to basic web application security - Leonid Mamchenkov\",\"headline\":\"Intro to basic web application security\",\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/mamchenkov.net\\\/wordpress\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/security.jpg?fit=1000%2C280&ssl=1\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#articleImage\",\"width\":1000,\"height\":280},\"datePublished\":\"2019-02-27T13:43:24+02:00\",\"dateModified\":\"2019-02-27T13:43:32+02:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#webpage\"},\"articleSection\":\"All, Programming, Technology, Web work, best practices, PHP, security, web development\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"position\":3,\"name\":\"Programming\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#listItem\",\"name\":\"Intro to basic web application security\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#listItem\",\"position\":4,\"name\":\"Intro to basic web application security\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#webpage\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/\",\"name\":\"Intro to basic web application security - Leonid Mamchenkov\",\"description\":\"\\\"Intro to basic web application security\\\" is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2019\\\/02\\\/27\\\/intro-to-basic-web-application-security\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"datePublished\":\"2019-02-27T13:43:24+02:00\",\"dateModified\":\"2019-02-27T13:43:32+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/\",\"name\":\"Blog of Leonid Mamchenkov\",\"description\":\"Life, universe, and everything else\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Intro to basic web application security - Leonid Mamchenkov","description":"\"Intro to basic web application security\" is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete","canonical_url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#blogposting","name":"Intro to basic web application security - Leonid Mamchenkov","headline":"Intro to basic web application security","author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"},"image":{"@type":"ImageObject","url":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?fit=1000%2C280&ssl=1","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#articleImage","width":1000,"height":280},"datePublished":"2019-02-27T13:43:24+02:00","dateModified":"2019-02-27T13:43:32+02:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#webpage"},"isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#webpage"},"articleSection":"All, Programming, Technology, Web work, best practices, PHP, security, web development"},{"@type":"BreadcrumbList","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/mamchenkov.net\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","position":3,"name":"Programming","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#listItem","name":"Intro to basic web application security"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#listItem","position":4,"name":"Intro to basic web application security","previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"}}]},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/#person","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author","url":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"WebPage","@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#webpage","url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","name":"Intro to basic web application security - Leonid Mamchenkov","description":"\"Intro to basic web application security\" is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/#breadcrumblist"},"author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"creator":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"datePublished":"2019-02-27T13:43:24+02:00","dateModified":"2019-02-27T13:43:32+02:00"},{"@type":"WebSite","@id":"https:\/\/mamchenkov.net\/wordpress\/#website","url":"https:\/\/mamchenkov.net\/wordpress\/","name":"Blog of Leonid Mamchenkov","description":"Life, universe, and everything else","inLanguage":"en-US","publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"}}]},"og:locale":"en_US","og:site_name":"Leonid Mamchenkov - Life, universe, and everything else","og:type":"article","og:title":"Intro to basic web application security - Leonid Mamchenkov","og:description":"&quot;Intro to basic web application security&quot; is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete","og:url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","og:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:secure_url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:width":1024,"og:image:height":1024,"article:published_time":"2019-02-27T11:43:24+00:00","article:modified_time":"2019-02-27T11:43:32+00:00","article:publisher":"https:\/\/www.facebook.com\/MamchenkovBlog","twitter:card":"summary_large_image","twitter:site":"@mamchenkov","twitter:title":"Intro to basic web application security - Leonid Mamchenkov","twitter:description":"&quot;Intro to basic web application security&quot; is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no such guide would be complete","twitter:creator":"@mamchenkov","twitter:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg"},"aioseo_meta_data":{"post_id":"36383","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-20 05:48:40","updated":"2026-01-15 14:06:44","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/\" title=\"Programming\">Programming<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tIntro to basic web application security\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/mamchenkov.net\/wordpress"},{"label":"Technology","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/"},{"label":"Programming","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/"},{"label":"Intro to basic web application security","link":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":28501,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/04\/19\/useful-payloads-for-security-testing-of-web-applications\/","url_meta":{"origin":36383,"position":0},"title":"Useful payloads for security testing of web applications","author":"Leonid Mamchenkov","date":"April 19, 2018","format":false,"excerpt":"This article (in Russian) lists a number of useful payloads (and some tools that work with them) for security testing of web applications.\u00a0 Below is the list of handy GitHub repositories for web server path testing, cross-site scripting, SQL injection, and several other common types of vulnerabilities.\u00a0 These payloads are\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":29060,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/","url_meta":{"origin":36383,"position":1},"title":"Advanced web security topics","author":"Leonid Mamchenkov","date":"December 10, 2018","format":false,"excerpt":"\"Advanced web security topics\" blog post goes over a variety of ways that a web application can get p0wned.\u00a0 Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... and more.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/mime-types.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":16810,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/10\/08\/open-web-application-security-project\/","url_meta":{"origin":36383,"position":2},"title":"Open Web Application Security Project","author":"Leonid Mamchenkov","date":"October 8, 2012","format":"link","excerpt":"Open Web Application Security Project","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":22620,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/10\/10\/skipfish-web-application-security-scanner\/","url_meta":{"origin":36383,"position":3},"title":"skipfish &#8211; web application security scanner","author":"Leonid Mamchenkov","date":"October 10, 2014","format":"link","excerpt":"skipfish - web application security scanner","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28610,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/06\/07\/http-the-headers-we-want\/","url_meta":{"origin":36383,"position":4},"title":"HTTP : The headers we want","author":"Leonid Mamchenkov","date":"June 7, 2018","format":false,"excerpt":"\"The headers we want\" is a very simple, straight to the point blog post on the Fastly blog.\u00a0 Unlike many other more generic articles on the subject, it doesn't try to explain the meaning of every HTTP header out there, and it doesn't go into deep theory or the meaning\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/06\/server-timing-500x183.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":28513,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/04\/23\/php-preparing-for-the-penetration-testing\/","url_meta":{"origin":36383,"position":5},"title":"PHP : Preparing for the Penetration Testing","author":"Leonid Mamchenkov","date":"April 23, 2018","format":false,"excerpt":"Chris Cornutt wrote \"PREPARING FOR PENTESTING (@ LONGHORN PHP 2018)\" blog post for his upcoming talk at the conference.\u00a0 I'd gladly attend the talk, but the time and place didn't work out for me this time.\u00a0 Here are a few useful links from his blog post that might come in\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/36383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=36383"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/36383\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=36383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=36383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=36383"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=36383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}