PHP Security / SQL Security - Part 1
Posted on June 5, 2008 - Filed Under programming | Leave a Comment
Combining the above techniques to provide stripping of tags, escaping of special shell characters, entity-quoting of HTML and regular expression-based input validation, it is possible to construct secure web scripts with relatively …
Read More..>>EuroCUP 2008 presentation
Posted on May 12, 2008 - Filed Under filtering input | Leave a Comment
Because it’s used for key input filtering. The Javascript handler can “return false” to tell the browser to ignore a given key. It’s also complicated because things like “control-v” for “paste”, and “home” for “go to start of the input” …
Read More..>>SOME USEFUL FACTS OF ASP.NET
Posted on January 14, 2008 - Filed Under Input Filtering | Leave a Comment
The web application you are attempting to access on this web server is currently unavailable. Please hit the “Refresh” button in your web browser to retry your request.”? …. 2.62, How to convert user input in dMy format to Mdy? …
View original post here: SOME USEFUL FACTS OF ASP.NET
wiki:plugins:security - Add some material on XSS
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
It is usually safer to parse the users input to check that they are only using the permitted attributes, rather than to try to parse out the prohibited attributes. This is often referred to as \”whitelisting\” the permitted things in …
See more here: wiki:plugins:security - Add some material on XSS
Hoogle 3 Security Bug
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Enhanced security is one of the many advantages that Haskell offers. It is not possible to overrun a buffer and conduct stack smashing attacks on a Haskell program. Passing query strings will not overwrite global variables, and escaping …
View original here: Hoogle 3 Security Bug
[XSS Info] Re: all lowercase javascript without parenthesis
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
The escape() method doesn\’t seem to work. i tried this and it didn\’t work: \’e setter=eval;u setter=unescape;e=u=\’%61%6c%65%72%74%28%27%58%53%53%27%29\’\’ I tried doubly escaping it and it didn\’t work, either: \’e setter=eval;u …
See the original post: [XSS Info] Re: all lowercase javascript without parenthesis
[XSS Info] Re: < and >
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
You know about attribute injection right? Occurs when a site echoes back user supplied input into a tags attributes. If you can escape the attribute you can attach a style tag that takes malicious action.
See the original post: [XSS Info] Re: < and >
Firefox 2.0.0.12 Security Release
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Security researchers hong and Gregory Fleisher each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside …
View original here: Firefox 2.0.0.12 Security Release
linux security 2
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Simply input names, and if the user exists, you will get back an RFC822 email address with the @ sign. If the user doesn’t exist, you’ll get back a “user unknown†error message. Although a username is not enough for access, …
Originally posted here: linux security 2
Preventing a Bioagent Great Escape
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Or have input in vetting biotech R&D projects that A*Star brings in? Does it have the powers to conduct surprise mandatory inspections? If so, what has been the compliance rate? Or are researchers only subject to self-regulation …
Excerpted from:Preventing a Bioagent Great Escape