User Input Sanitation

Posted on January 1, 1970 - Filed Under security | Leave a Comment

As I have closely watched PHPClasses for a long time now, I must say that I never saw a class which is simple yet very effective in sanitizing user input which is a major security concern for every web application. …
View post: User Input Sanitation

Batch File Programming

protected or even better form a public security watch contest where the person who spots something fishy wins a prize or something, anyway the linking can easily be done by creating an .htm or .html file and …
See the original post: Batch File Programming

VU#249337:Flash authoring tools create Flash files that contain …

Do not rely on escape(). When feasible, only allow alphanumeric characters. Whitelist and/or HTML entity encode user input in htmlText. Load SWF files from relative URLs. The relative URL should not contain "..". …
Read the original here: VU#249337:Flash authoring tools create Flash files that contain …

What is XSS?

For instance, if user input is going into the src attribute of a hyperlink, cgi.escape() would not be sufficient. Let’s say a picture was to be added to a page of pictures, in this fashion: …
Originally posted here: What is XSS?

The SQL & MS Access LIKE statement

As such if you do build queries based on user input I'd recommend using a standard function to tidy up any users data and prevent possible conflicts or security flaws. The function could look something like (VBA): - …
The SQL & MS Access LIKE statement

SQL Injection Attacks

What happens when you realize that a new security bug has just been found? Most likely you either patch it …
View post: SQL Injection Attacks