Twilio's "Everything You Ever Wanted to Know About Secure HTML Forms" does a great job of breaking down the mechanisms that make forms vulnerable and the methods you can use to secure them.
https://www.twilio.com/blog/2017/09/everything-you-ever-wanted-to-know-about-secure-html-forms.html
CSS-Tricks' "Serious Form Security"
A brief but well-explained overview of how session handling and logging can play a role in securing your website's user input and form handling.
https://css-tricks.com/serious-form-security/
FormAssembly's Best Practices
A more comprehensive explanation of form security elements, including compliance, which is a major concern for many online businesses.
https://help.formassembly.com/help/best-practices-in-web-form-security
"Give me Parameterized SQL or Give me Death"
CodingHorror.com's dramatically titled article on parameterized queries really does a great job of breaking down the value of using this technique to protect your databases.
https://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/