modern-web-design-and-development

(Brent) #1

newer threat, clickjacking, and a user interface issue called phishing. You
may have to deal with all of these as a Web developer if you touch PHP and
HTML, CSS and JavaScript. Even if you don’t use PHP, you could still cause a
lot of problems. Even if you don’t touch code and simply design, you could
be a great asset in this area. You could help make the Web safer by making
security issues understandable to your users.


Let’s go through all of these things and explain what they are and what they
do. The first thing you need to know, though, is how URIs work.


URIs: The Main Way To Attack A Web Service


The address of any document (i.e. file on the Internet) is its Uniform
Resource Identifier (URI). This is what you enter in the browser bar to access
the document and what you embed into code to point to the document.
For example, my website address is http://icant.co.uk, and the
document you see when you open it in a browser is
http://icant.co.uk/index.php (the server automatically redirects to that
document). The logo image resides at the URI
http://icant.co.uk/iconslogo.png, and the image of me pointing at you is on a
totally different server and has the URI
http://farm4.static.flickr.com/3172/3041842192_5b51468648.jpg.


All of these URIs are okay for you to access. Some URIs, though, contain
information that should not be accessible to the outside world. For
example, the /etc/password folder on a server contains password and
user information that should not leak to the Internet.
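To make the difference between the two kinds of URI concrete, here is an added example (not code from the original text) that splits a URI into its parts and maps a request path to a file, refusing any path that would leave the public folder. The document root /var/www/site, the function names and the sample request paths are assumptions made up for the illustration.

```javascript
// Added example; DOC_ROOT and the function names are hypothetical.
const DOC_ROOT = '/var/www/site'; // assumed public folder of the server

// Split a URI into the parts a server acts on.
function describeUri(uri) {
  const u = new URL(uri);
  return { scheme: u.protocol.slice(0, -1), host: u.hostname, path: u.pathname };
}

// Map the raw path from a request to a file below DOC_ROOT.
// Returns null when the path would resolve outside the public folder.
function resolveInsideRoot(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath); // "%2e%2e" becomes ".."
  } catch (err) {
    return null; // malformed percent-encoding
  }
  // NUL bytes and backslashes have no place in a POSIX-style request path.
  if (decoded.includes('\0') || decoded.includes('\\')) return null;
  const kept = [];
  for (const segment of decoded.split('/')) {
    if (segment === '' || segment === '.') continue;
    if (segment === '..') {
      if (kept.length === 0) return null; // would climb above DOC_ROOT
      kept.pop();
    } else {
      kept.push(segment);
    }
  }
  return DOC_ROOT + '/' + kept.join('/');
}

// Constructed sample request paths, checked one by one.
function demo() {
  const samples = [
    describeUri('http://icant.co.uk/index.php').path, // fine to access
    '/../../../etc/password',             // points outside the public folder
    '/%2e%2e/%2e%2e/%2e%2e/etc/password', // same path, percent-encoded
  ];
  return samples.map((p) => [p, resolveInsideRoot(p)]);
}

for (const [p, file] of demo()) console.log(p, '->', file === null ? 'REFUSED' : file);
```

The check decodes the path exactly once; it only holds if no later layer decodes the result a second time.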


Every URI can also contain parameters. These are instructions you can send
to the script located at that URI and that are appended to the URI starting
