Integrating Vulnerability Scanners and Web Application Firewalls
Posted on June 6, 2008 - Filed Under filtering input
As I mentioned in my previous post - What’s the Score of the Game - I feel that one of the areas where organizations are failing, with regards to web application security, is that there is a lack of communication between the following three …
DoS attacks using wildcards
Posted on June 5, 2008 - Filed Under filtering input
Say, your web application processes all this data and shows it back to the user, and your code doesn’t check the number of records that has been asked for, then your application is also affected. An application level DoS. …
Re: Best practice for validation
Posted on June 5, 2008 - Filed Under filtering input
Zend_Form handles input filtering, so it can be dropped in as a replacement for Zend_Filter_Input (another option you didn’t specify) as an input filter for your model. Just because Zend_Form _can_ render …
Flying Woes
Posted on June 2, 2008 - Filed Under filtering input
Some of these rules and security precautions are just complete nonsense. A knife that’s 3 1/2 inches is fine, but four inches and you’re a terrorist! Thankfully, I don’t really look like a trouble maker, if you could even articulate …
Good Read on Secure Coding using ASP.NET
Posted on June 1, 2008 - Filed Under filtering input
It shows good examples in C# or VB. It also touches a bit on code reviews. It’s a good read for programmers with best practice on secure coding in ASP.NET but not for pen testers. Here’s the title: Hacking the Code ASP. …
HP Helps Businesses Defend Against Malicious Web Attacks with New …
Posted on May 27, 2008 - Filed Under filtering input
According to the Web Application Security Consortium, an international group of application security experts and industry practitioners, more than 40 percent of web hacking incidents are aimed at stealing personal information. …
Web Application Programmer Wits.
Posted on May 22, 2008 - Filed Under filtering input
Key thing to notice is that I am a developer as well as a security blogger myself, and so forth know what I am talking about. So I want to take this opportunity to make something clear about programming a secure web application. …
Advanced Web Application Security
Posted on May 21, 2008 - Filed Under filtering input
The security landscape has changed dramatically in the past 12 months. Unless you are aware of CSRF, JavaScript Hijacking and the many ways to fool an XSS filter, it’s likely that your web application will not be secure. …
EuroCUP 2008 presentation
Posted on May 12, 2008 - Filed Under filtering input
Because it’s used for key input filtering. The JavaScript handler can “return false” to tell the browser to ignore a given key. It’s also complicated because things like “control-v” for “paste”, and “home” for “go to start of the input” …
Wordpress Gallery - Nasty PHP Authentication Handling
Posted on May 9, 2008 - Filed Under filtering input
Easy transparent PHP input filtering I have been working on a site that will have potentially quite a few random third parties accessing it and inserting data into a MySQL database. I am thus quite keen on a good solid input filtering …