Getting Started With CodeIgniter: Part 4 - Security

Posted on June 1, 2008 - Filed Under programming

array($this->input->post('username'), $this->input->post('password')));. As you can see, the query() function has a little-known optional second parameter of an array of variables to stick into the SQL. CI will automatically escape …

Web Application Programmer Wits.

Posted on May 22, 2008 - Filed Under filtering input

Key thing to notice is that I am a developer as well as a security blogger myself, and so forth know what I am talking about. So I want to take this opportunity to make something clear about programming a secure web application. …

Commonly Security Flaws with PHP Sites

Posted on May 9, 2008 - Filed Under programming

However, many programmers cut corners when it comes to the security of a web site. In this article, I’ll go over some of the security blunders that are commonplace with PHP programmers. Non-Validated User Input …

Easy attacks on your website:

Posted on May 8, 2008 - Filed Under security

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters …

Comment from Jonas Abrahamsson

Posted on April 1, 2008 - Filed Under filtering input

I’m currently reconsidering my input filtering policies and find your articles very helpful. I think Gordon’s comment above is very interesting because that is exactly my approach, to convert whatever data is received to the right type …

Easy transparent PHP input filtering

Posted on March 25, 2008 - Filed Under filtering input

I am thus quite keen on a good solid input filtering method for PHP to prevent things like XSS and SQL Injection. There are several options out there; of the ones I found, Inspekt is about the closest match to my way of working, …

Online Fraud Detection

Posted on February 4, 2008 - Filed Under Input Filtering

A fraud-detection filter sitting inside the application server (for example, Websphere). Rules maintained by the enterprise are applied by the filter to any HTTP request (for example, login or payment) before the transaction hits the …

httpsentry 1.0.1

Posted on January 25, 2008 - Filed Under Input Filtering

HttpSentry is also an effort to shift the burden of input validation and other security concerns off web application developers. Traditional network firewalls cannot protect web applications. Port 80 is wide open and according to …

Inspekt - PHP Input Filter

Posted on January 23, 2008 - Filed Under Input Filtering

Inspekt is an input filtering and validation library for PHP4 and PHP5. Driving principles behind Inspekt: Accessing user input via the PHP superglobals is inherently dangerous, because the “default” action is to retrieve raw, …

Debian: New horde3 packages fix denial of service

Posted on January 20, 2008 - Filed Under Input Filtering

LinuxSecurity.com: Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead …