

[S5 Slides] Security in Web Applications - costan
http://6.470.scripts.mit.edu/lectures/security/html/all.html

======
costan
Zipped source code:
[http://6.470.scripts.mit.edu/lectures/security/security_in_w...](http://6.470.scripts.mit.edu/lectures/security/security_in_webapps_slides.zip)

Live source code: <http://github.com/costan/security_in_webapps_slides>

------
aidenn0
1) Don't use anything fast (like md5) to hash your passwords. Use many rounds
of md5 or sha-1, or use something specifically designed for password hashing
like eksblowfish

2) Don't escape your SQL, use parameterized queries
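A worked version of both points, added here and not part of this thread or of costan's slides: passwords are stored with PBKDF2-HMAC-SHA256 (a deliberately slow, many-round construction of the kind described above) behind a random per-user salt, and the login lookup uses a parameterized query so a quote in the username is data, not SQL. The function names, the iteration count and the table layout are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000   # assumed work factor; tune so one hash costs ~100 ms on your hardware
SALT_BYTES = 16        # random per-user salt, far larger than a 4-digit one


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the stored record's hash and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Hashed once at import so a login for an unknown user costs the same as a real one
# (otherwise response time would reveal which usernames exist).
_DUMMY_RECORD = hash_password("placeholder-not-a-real-password")


def new_memory_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the example (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    return conn


def add_user(conn: sqlite3.Connection, username: str, password: str) -> None:
    # Placeholders: the driver sends username/hash as bound values, never spliced into SQL.
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 (username, hash_password(password)))


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        verify_password(password, _DUMMY_RECORD)  # burn the same time, then reject
        return False
    return verify_password(password, row[0])
```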

------
brlewis
How good is md5 plus a 4-character (digits, actually, in the slides) salt?

