DoS attacks using wildcards

Posted on June 5, 2008 - Filed Under filtering input

Say your web application processes all this data and shows it back to the user, and your code doesn’t check the number of records that have been asked for; then your application is also affected. An application-level DoS. …


PHP Security / SQL Security - Part 1

Posted on June 5, 2008 - Filed Under programming

Combining the above techniques to provide stripping of tags, escaping of special shell characters, entity-quoting of HTML and regular expression-based input validation, it is possible to construct secure web scripts with relatively …


Good Read on Secure Coding using ASP.NET

Posted on June 1, 2008 - Filed Under filtering input

It shows good examples in C# or VB. It also touches a bit on code reviews. It’s a good read for programmers wanting best practices on secure coding in ASP.NET, but not for pen testers. Here’s the title: Hacking the Code ASP. …


How To Request A Ticket Using QlikView’s HTTP Server

Posted on May 27, 2008 - Filed Under programming

responseText.substring(18,58); } function ShowTicket() { var ticket = GetTicket(); alert(ticket); } function GoPlugin() { var ticket = GetTicket(); window.open("/QvPlugin/opendoc.htm?document="+ escape(document. …


EuroCUP 2008 presentation

Posted on May 12, 2008 - Filed Under filtering input

Because it’s used for key input filtering. The Javascript handler can “return false” to tell the browser to ignore a given key. It’s also complicated because things like “control-v” for “paste”, and “home” for “go to start of the input” …


Easy attacks on your website:

Posted on May 8, 2008 - Filed Under security

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters …


Easy transparent PHP input filtering

Posted on March 25, 2008 - Filed Under filtering input

I am thus quite keen on a good solid input filtering method for PHP to prevent things like XSS and SQL Injection. There are several options out there, of the ones I found Inspekt is about the closest match to my way of working, …


Online Fraud Detection

Posted on February 4, 2008 - Filed Under Input Filtering

A fraud-detection filter sitting inside the application server (for example, Websphere). Rules maintained by the enterprise are applied by the filter to any HTTP request (for example, login or payment) before the transaction hits the …

Hacking the Code: ASP.NET Web Application Security

Posted on January 30, 2008 - Filed Under Input Filtering

This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of …

httpsentry 1.0.1

Posted on January 25, 2008 - Filed Under Input Filtering

HttpSentry is also an effort to shift the burden of input validation and other security concerns off web application developers. Traditional network firewalls cannot protect web applications. Port 80 is wide open and according to …