http://inputfiltering.com Fri, 06 Jun 2008 14:54:12 +0000 http://backend.userland.com/rss092 en As I mentioned in my previous post - What’s the Score of the Game - I feel that one of areas where organizations are failing, with regards to web application security, is that there is a lack of communication between the following three … http://inputfiltering.com/filtering-input/integrating-vulnerability-scanners-and-web-application-firewalls/ For PHP, use mysql_real_escape_string() if using MySQL, or preferably use PDO which does not require escaping If language is J2EE, documentation of the J2EE Security Manager settings should be provided Do not use GET requests (URLs) for … http://inputfiltering.com/programming/security-requirements-for-software-development/ Few resources were being wasted on an escape tunnel that would rarely be used. The far end brought them to a set of double doors, these ones opening with no more than a simple latch. Once inside, further high security had been made … http://inputfiltering.com/programming/the-telling-of-one-billion-ghost-stories-draft-part-29/ This command receives input from STDIN (Standard Input) and allows you to page through the output. This is useful with the command mentioned above. What if you have too much data for your shell’s output buffer? You can’t scroll up. … http://inputfiltering.com/programming/top-10-linux-commands-anyone-can-use/ Say, your web application processes all this data and shows it back to the user, and your code doesn’t check number of records that has been asked for, then your application is also affected. An application level DoS. … http://inputfiltering.com/filtering-input/dos-attacks-using-wildcards/ Zend_Form handles input filtering, so it can be dropped in as a > replacement for Zend_Filter_Input (another option you didn’t specify) as > an input filter for your model. Just because Zend_Form _can_ render … http://inputfiltering.com/filtering-input/re-best-practice-for-validation/ Combining the above techniques to provide stripping of tags, escaping of special shell characters, entity-quoting of HTML and regular expression-based input validation, it is possible to construct secure web scripts with relatively … http://inputfiltering.com/programming/php-security-sql-security-part-1/ In the previous article, I looked at processing and securing user input when it is to be redisplayed or executed as PHP code. Now its time to consider entering that data into a database, and cover the security issues which arise when … http://inputfiltering.com/security/php-sql-security-part-2/ Take advantage of the quote() function to sanitize user input (for SQL). Cross Site Scripting preventive measures: SafeERb, XSS Shield, Manual Escaping with h(). Tarantula plugin crawls everything and performs form fuzzing. … http://inputfiltering.com/programming/railsconf-2008-recap/ Hi all,I’ve been trusting PHP’s htmlentities() to escape to HTML for a long time now on several customer site and I want to be sure that it’s secure. I am specifying UTF-8 as my charset in XHTML headers, so I don’t think alternative … http://inputfiltering.com/security/web-security-question-about-anti-xss-applicability-of-phps/