Fix grammar and modify sentences for clarity 09.7.md [en]
@@ -1,8 +1,7 @@
|
||||
# 9.7 Summary
|
||||
|
||||
This chapter describes as: CSRF attacks, XSS attacks, SQL injection attacks, etc. Some Web applications typical methods of attack, they are due to the application on the user's input filter cause no good, so in addition to introduce the method of attack in addition, we have also introduced how to effectively carry out data filtering to prevent these attacks occurrence. Then the password for the day iso serious spill, introduced in the design of Web applications can be used from basic to expert encryption scheme. Finally encryption and decryption of sensitive data brief, Go language provides three symmetric encryption algorithms: base64, AES and DES implementation.
|
||||
|
||||
The purpose of writing this chapter is to enhance the reader to the concept of security in the consciousness inside, when the Web application in the preparation of a little more carefully, so that we can write Web applications away from hackers attacks. Go language has been in support of a large anti-attack toolkit, we can take full advantage of these packages to make a secure Web applications.
|
||||
In this chapter, we've described CSRF, XSS and SQL injection based attacks. Most web applications are vulnerable to these types of attacks due to a lack of adequate input filtering on the part of the application. So, in addition to introducing the principles behind these attacks, we've also introduced a few techniques for effectively filtering user data and preventing these attacks from ever taking place. We then talked about a few methods for securely storing user passwords, first introducing basic one-way hashing for web applications with loose security requirements, then password salting and encryption algorithms for more serious applications. Finally, we briefly discussed two-way hashing and the encryption and decryption of sensitive data. We learned that the Go language provides packages for three symmetric encryption algorithms: base64, AES and DES.
|
||||
The purpose of this chapter is to help readers become more conscious of the security issues that exist in modern day web applications. Hopefully, it can help developers to plan and design their web applications a little more carefully, so they can write systems that are able to prevent hackers from exploiting user data. The Go language has a large and well designed anti-attack toolkit, and every Go developer should take full advantage of these packages to better secure their web applications.
|
||||
|
||||
## Links
|
||||
|
||||
|
||||
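Review bot: The rewritten first paragraph introduces "two-way hashing", a phrase the old text did not have and a contradiction in terms, since a hash is one-way. The old wording only spoke of encryption and decryption, so "we briefly discussed the encryption and decryption of sensitive data" would be accurate. The same paragraph carries over the claim of "three symmetric encryption algorithms: base64, AES and DES", but base64 is a keyless encoding and gives no confidentiality. I'd suggest "base64 encoding and two symmetric ciphers, AES and DES". Separately, "password salting and encryption algorithms" in the password-storage sentence blurs hashing with encryption. If the chapter's stronger schemes are hash based, say "salted hashing" there so readers do not conclude that passwords should be stored reversibly.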