Security Requirements for Software Development
Posted on June 6, 2008 - Filed Under programming
For PHP, use mysql_real_escape_string() if using MySQL, or preferably use PDO, which does not require escaping. If the language is J2EE, documentation of the J2EE Security Manager settings should be provided. Do not use GET requests (URLs) for …
Read More..>>
The Telling of One Billion Ghost Stories (draft) - Part 29
Posted on June 6, 2008 - Filed Under programming
Few resources were being wasted on an escape tunnel that would rarely be used. The far end brought them to a set of double doors, these ones opening with no more than a simple latch. Once inside, further high security had been made …
Read More..>>
Top 10 Linux Commands Anyone Can Use
Posted on June 6, 2008 - Filed Under programming
This command receives input from STDIN (Standard Input) and allows you to page through the output. This is useful with the command mentioned above. What if you have too much data for your shell’s output buffer? You can’t scroll up. …
Read More..>>
PHP Security / SQL Security - Part 1
Posted on June 5, 2008 - Filed Under programming
Combining the above techniques to provide stripping of tags, escaping of special shell characters, entity-quoting of HTML and regular expression-based input validation, it is possible to construct secure web scripts with relatively …
Read More..>>
RailsConf 2008 Recap
Posted on June 3, 2008 - Filed Under programming
Take advantage of the quote() function to sanitize user input (for SQL). Cross Site Scripting preventive measures: SafeERb, XSS Shield, Manual Escaping with h(). Tarantula plugin crawls everything and performs form fuzzing. …
Read More..>>
Getting Started With CodeIgniter: Part 4 - Security
Posted on June 1, 2008 - Filed Under programming
array($this->input->post('username'), $this->input->post('password')));. As you can see, the query() function has a little known optional second parameter of an array of variables to stick into the SQL. CI will automatically escape …
Read More..>>
Re: [WEB SECURITY] Question about escaping strings in javascript
Posted on June 1, 2008 - Filed Under programming
Hey Evert, There’s a great compilation of input vectors at: http://ha.ckers.org/xss.html. Eg. if content is parsed into an img tag, the following might be a possible IV: - Enric Evert | Collab …
Read More..>>
jesse ruderman answers your questions
Posted on May 29, 2008 - Filed Under programming
I think Mozilla tends to get the easy stuff, like avoiding buffer overflows and validating/escaping input, right. But we don’t do very well at “Don’t make your data structure invariants so complex that you cannot keep track of them.” …
Read More..>>
Question about scripting attacks and security… in Programming …
Posted on May 28, 2008 - Filed Under programming
I know when you’re displaying data from the database, you should always use the html_escape (h) method to escape injections or other attacks in case someone input javascript or code to run: …
Read More..>>
How To Request A Ticket Using QlikView’s HTTP Server
Posted on May 27, 2008 - Filed Under programming
responseText.substring(18,58); } function ShowTicket() { var ticket = GetTicket(); alert(ticket); } function GoPlugin() { var ticket = GetTicket(); window.open("/QvPlugin/opendoc.htm?document="+ escape(document. …
Read More..>>