Security Requirements for Software Development
Posted on June 6, 2008 - Filed Under programming
For PHP, use mysql_real_escape_string() if using MySQL, or preferably use PDO, which does not require escaping. If the language is J2EE, documentation of the J2EE Security Manager settings should be provided. Do not use GET requests (URLs) for …
DoS attacks using wildcards
Posted on June 5, 2008 - Filed Under filtering input
Say your web application processes all this data and shows it back to the user, and your code doesn't check the number of records that have been asked for; then your application is also affected: an application-level DoS. …
PHP Security / SQL Security - Part 1
Posted on June 5, 2008 - Filed Under programming
Combining the above techniques to provide stripping of tags, escaping of special shell characters, entity-quoting of HTML and regular expression-based input validation, it is possible to construct secure web scripts with relatively …
PHP / SQL Security - Part 2
Posted on June 5, 2008 - Filed Under security
In the previous article, I looked at processing and securing user input when it is to be redisplayed or executed as PHP code. Now it's time to consider entering that data into a database, and cover the security issues which arise when …
RailsConf 2008 Recap
Posted on June 3, 2008 - Filed Under programming
Take advantage of the quote() function to sanitize user input (for SQL). Cross Site Scripting preventive measures: SafeERb, XSS Shield, Manual Escaping with h(). Tarantula plugin crawls everything and performs form fuzzing. …
Question about scripting attacks and security… in Programming …
Posted on May 28, 2008 - Filed Under programming
I know when you're displaying data from the database, you should always use the html_escape (h) method to escape injections or other attacks in case someone inputs JavaScript or code to run: …
HP Helps Businesses Defend Against Malicious Web Attacks with New …
Posted on May 27, 2008 - Filed Under filtering input
According to the Web Application Security Consortium, an international group of application security experts and industry practitioners, more than 40 percent of web hacking incidents are aimed at stealing personal information. …
Web Application Programmer Wits.
Posted on May 22, 2008 - Filed Under filtering input
The key thing to notice is that I am a developer as well as a security blogger myself, and therefore know what I am talking about. So I want to take this opportunity to make something clear about programming a secure web application. …
Advanced Web Application Security
Posted on May 21, 2008 - Filed Under filtering input
The security landscape has changed dramatically in the past 12 months. Unless you are aware of CSRF, JavaScript Hijacking and the many ways to fool an XSS filter, it's likely that your web application will not be secure. …
Easy attacks on your website:
Posted on May 8, 2008 - Filed Under security
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters …