May 21st, 2004, 08:17 AM
Web security links
Hi! I just found these great links (if you have more links please post them here).
General web applications vulnerability
For many web developers, this is their first experience with programming, much less with secure programming techniques, and they may not have a good mentor to guide them. An additional source of danger is browsers which try to compensate for what the browser believes is an error on the web page, thereby creating additional security vulnerabilities.
Learn how to deal with the well-known web applications vulnerabilities here:
Cross Site Scripting vulnerability
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website.
Learn how to deal with the well-known XSS vulnerabilities here:
SQL Injection vulnerability
SQL Injection is simply a term describing the act of passing SQL code into an application that was not intended by the developer. In fact, many of the problems that allow SQL injection are not the fault of the database server per se but rather are due to poor input validation and coding at other code layers.
Learn how to deal with the well-known SQL injection vulnerabilities here:
Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
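The reflection described in the Cross Site Scripting paragraph above, as an added example that is not part of the original post or of the linked articles: a hex-encoded (percent-encoded) link parameter is decoded by the application and echoed into the page, first without and then with output encoding. The URL, parameter name and function names are hypothetical and the sample link is constructed.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample link: the "q" value is markup hidden behind %XX hex encoding.
SAMPLE_LINK = "http://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def query_param(url, name):
    """Return one query parameter, percent-decoded the way a web framework does it."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def has_markup(text):
    """Naive check for a script tag in a string (what a user or simple filter sees)."""
    return "<script" in text.lower()


def render_unsafe(term):
    """Vulnerable form: the decoded value is pasted straight into the output page."""
    return "<p>Results for: " + term + "</p>"


def render_safe(term):
    """Hardened form: HTML-encode the value at the point where it is written out."""
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


if __name__ == "__main__":
    term = query_param(SAMPLE_LINK, "q")
    # The raw link does not contain a literal tag, so it looks harmless...
    print("tag visible in raw link:", has_markup(SAMPLE_LINK))
    # ...but after decoding, the unescaped page carries it as live markup.
    print("tag live in unsafe page:", has_markup(render_unsafe(term)))
    # Output encoding turns the same value into inert text.
    print("tag live in safe page:  ", has_markup(render_safe(term)))
    print(render_safe(term))
```

Checking the raw request string is not enough, because the value only becomes markup after decoding; encoding at output time handles it regardless of how the input was encoded.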
May 21st, 2004, 07:14 PM
May 22nd, 2004, 01:49 PM
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content
May 22nd, 2004, 09:57 PM