Web security links
Hi! I just found these great links (if you have more links please post them here).
General web applications vulnerability
For many web developers, this is their first experience with programming, much less with secure programming techniques, and they may not have a good mentor to guide them. An additional source of danger is browsers which try to compensate for what the browser believes is an error on the web page, thereby creating additional security vulnerabilities.
Learn how to deal with the well-known web applications vulnerabilities here:
http://ist-socrates.berkeley.edu:730...sec/index.html
Cross Site Scripting vulnerability
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website.
Learn how to deal with the well-known XSS vulnerabilities here:
http://www.cgisecurity.com/articles/xss-faq.shtml
SQL Injection vulnerability
SQL Injection is simply a term describing the act of passing SQL code into an application that was not intended by the developer. In fact, many of the problems that allow SQL injection are not the fault of the database server per se but rather are due to poor input validation and coding at other code layers.
Learn how to deal with the well-known SQL injection vulnerabilities here:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
Peace always,
<jdenny>
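Added example (not part of the original post or of the linked articles): the cross site scripting description above, worked through in Python. It shows why a check on the raw link misses a hex-encoded value and why encoding at output time neutralizes it. The host `shop.example`, the `q` parameter and all function names are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed sample link: the "q" parameter carries a percent-encoded (hex)
# script tag, so no markup is visible in the raw URL the user sees.
SAMPLE_LINK = ("http://shop.example/search?q="
               "%3Cscript%3Ealert(1)%3C%2Fscript%3E")


def naive_filter_passes(raw_url: str) -> bool:
    """Weak check: looks for markup in the raw, still-encoded URL."""
    return "<script" not in raw_url.lower()


def query_value(raw_url: str, name: str) -> str:
    """Return the decoded value the application actually receives."""
    return parse_qs(urlsplit(raw_url).query).get(name, [""])[0]


def render_vulnerable(term: str) -> str:
    """Echoes the value into the page unchanged (the reflected XSS case)."""
    return "<p>Results for: " + term + "</p>"


def render_escaped(term: str) -> str:
    """Encodes the value for the HTML body context before output."""
    return "<p>Results for: " + escape(term, quote=True) + "</p>"


if __name__ == "__main__":
    term = query_value(SAMPLE_LINK, "q")
    print("raw-URL filter passes:", naive_filter_passes(SAMPLE_LINK))
    print("decoded value:        ", term)
    print("unescaped output:     ", render_vulnerable(term))
    print("escaped output:       ", render_escaped(term))
```

The filter on the raw URL passes because the markup only exists after decoding, while escaping at output time does not depend on how the input was encoded.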