Caroline’s Reviews > Foundations of Security: What Every Programmer Needs to Know > Status Update

Chapter 15 - Again, this chapter included a bit of info I didn't know before, but not in enough detail to feel like I learned much.

Chapter 14 - Fairly interesting

Chapter 13 - There were some topics in this chapter I'm not familiar with. e.g. elliptic curve cryptography and identity-based encryption. They weren't covered in enough detail for me to feel like I learned anything, though. I guess I could treat it as a list of topics to learn more about. :/

Chapter 12 - Again I've heard most of this before, but good review.

Chapter 10 - This chapter was very valuable to me. I had of course heard of cross-site scripting attacks before, but I did not understand them in the detail they are presented with here.

Chapter 9 - Not much new here

Chapter 8 - I definitely knew about SQL injection already, but reviewing the details was helpful.

Chapter 7 - You can't trust data provided by the client. I knew this.

The integer overflow vulnerability example didn't make much sense to me. Why can the attacker make offset a larger number than fits in an int, but they can't (otherwise) make the offset negative?

Ooh, I vaguely knew printf could be unsafe, but wasn't familiar with the details. The linked paper on format string vulnerabilities is really good! (So far - I'm still reading)