Anyone know of a good intro-to-web-app-security-best-practices resource? I don't have the resources to hire a security person and don't have the time to begin learning it all from scratch. I'm generally aware of what attack vectors look like (e.g. XSS, SQL injection, etc.) but am generally unfamiliar with solid low-cost, low-overhead ways of dealing with these problems. I don't have the time or the money (at-present) to set up a WAF -- but I know how important security can be. Where do I go to learn more?
This appears to be a bad headline: it's not the result of an audit on Airbnb, but instead a list of findings as part of a bug bounty.

Further: while this is good work, clever findings, and an excellent writeup, it's a series of attacks on a single endpoint; sort of the XSS equivalent of a bug chain for a browser vulnerability. You could quibble over "8 vulnerabilities", since they all add up to the same vulnerability in the same piece of code.

The best headline would be the article's own, or, failing that:

Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor at Airbnb
Site is wobbling; Google cache version: https://webcache.googleusercontent.com/search?q=cache:l3pDsjc5p6gJ:https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/+&cd=1&hl=en&ct=clnk&gl=us