Top 10 Linux Commands Anyone Can Use
Posted on June 6, 2008 - Filed Under programming
This command receives input from STDIN (Standard Input) and allows you to page through the output. This is useful with the command mentioned above. What if you have too much data for your shell’s output buffer? You can’t scroll up. …
Getting Started With CodeIgniter: Part 4 - Security
Posted on June 1, 2008 - Filed Under programming
array($this->input->post('username'), $this->input->post('password')));. As you can see, the query() function has a little-known optional second parameter: an array of variables to bind into the SQL. CI will automatically escape …
Web Application Programmer Wits.
Posted on May 22, 2008 - Filed Under filtering input
Key thing to notice is that I am a developer as well as a security blogger myself, and so know what I am talking about. So I want to take this opportunity to make something clear about programming a secure web application. …
Advanced Web Application Security
Posted on May 21, 2008 - Filed Under filtering input
The security landscape has changed dramatically in the past 12 months. Unless you are aware of CSRF, JavaScript hijacking and the many ways to fool an XSS filter, it's likely that your web application will not be secure. …
Wordpress Gallery - Nasty PHP Authentication Handling
Posted on May 9, 2008 - Filed Under filtering input
Easy transparent PHP input filtering I have been working on a site that will have potentially quite a few random third parties accessing it and inserting data into a MySQL database. I am thus quite keen on a good solid input filtering …
Easy transparent PHP input filtering
Posted on March 25, 2008 - Filed Under filtering input
I am thus quite keen on a good solid input filtering method for PHP to prevent things like XSS and SQL Injection. There are several options out there, of the ones I found Inspekt is about the closest match to my way of working, …
Hacker Network Security HandBook
Posted on January 1, 1970 - Filed Under programming
turn on local echo, set authentication to NTLM, set the escape character, and set up logging. • SET NTLM turns on NTLM. While you are using NTLM Authentication, you are not. …
More here: Hacker Network Security HandBook
wiki:plugins:security - Add some material on XSS
Posted on January 1, 1970 - Filed Under programming
It is usually safer to parse the user's input to check that they are only using the permitted attributes, rather than to try to parse out the prohibited attributes. This is often referred to as "whitelisting" the permitted things in …
See more here: wiki:plugins:security - Add some material on XSS
Hoogle 3 Security Bug
Posted on January 1, 1970 - Filed Under programming
Enhanced security is one of the many advantages that Haskell offers. It is not possible to overrun a buffer and conduct stack smashing attacks on a Haskell program. Passing query strings will not overwrite global variables, and escaping …
View original here: Hoogle 3 Security Bug
[XSS Info] Re: all lowercase javascript without parenthesis
Posted on January 1, 1970 - Filed Under programming
The escape() method doesn't seem to work. I tried this and it didn't work: 'e setter=eval;u setter=unescape;e=u='%61%6c%65%72%74%28%27%58%53%53%27%29'' I tried doubly escaping it and it didn't work, either: 'e setter=eval;u …
See the original post: [XSS Info] Re: all lowercase javascript without parenthesis