Online Fraud Detection
Posted on February 4, 2008 - Filed Under Input Filtering
A fraud-detection filter sitting inside the application server (for example, WebSphere). Rules maintained by the enterprise are applied by the filter to any HTTP request (for example, login or payment) before the transaction hits the …
Read more: Online Fraud Detection
httpsentry 1.0.1
Posted on January 25, 2008 - Filed Under Input Filtering
HttpSentry is also an effort to shift the burden of input validation and other security concerns off web application developers. Traditional network firewalls cannot protect web applications. Port 80 is wide open and according to …
See the original post here: httpsentry 1.0.1
Inspekt - PHP Input Filter
Posted on January 23, 2008 - Filed Under Input Filtering
Inspekt is an input filtering and validation library for PHP4 and PHP5. Driving principles behind Inspekt: Accessing user input via the PHP superglobals is inherently dangerous, because the “default” action is to retrieve raw, …
See more here: Inspekt - PHP Input Filter
Debian: New horde3 packages fix denial of service
Posted on January 20, 2008 - Filed Under Input Filtering
LinuxSecurity.com: Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead …
Go here to read the rest: Debian: New horde3 packages fix denial of service
Ed Finkler’s Blog: Inspekt 0.3 now available
Posted on January 1, 1970 - Filed Under Input Filtering
Ed Finkler has released the latest version of his Inspekt input filtering/output validation library for PHP5: I’ve uploaded the 0.3 release of Inspekt, the input filtering and validation library for PHP4 and 5. …
14 Security Tips For Developing With PHP and MySQL
Posted on January 1, 1970 - Filed Under security
Do not use user input directly in your SQL queries. Use mysql_real_escape_string() to escape the user input. PHP.net recommends this function (well, a little different): function escape($values) { …
Here is the original: 14 Security Tips For Developing With PHP and MySQL
RE: Official ZF QuickStart
Posted on January 1, 1970 - Filed Under security
For security reasons, it is inadvisable to keep your application’s scripts in a directory that your web server makes publicly accessible. In this case, index.php immediately hands over control to your bootstrap.php file, which resides …
Continued here: RE: Official ZF QuickStart
The Tainted Edition
Posted on January 1, 1970 - Filed Under security
In my opinion security is a process and you have to reconcile for each and every string what it represents and how to escape it in this context. Of course an automatic escaper can be a great help, but …
View post: The Tainted Edition
Top Ten Security Tips Every Developer Must Know
Posted on January 1, 1970 - Filed Under security
Security risks can come from anywhere. You could write bad error handling code or be too generous with permissions. You could forget what services are running on your server. You could accept all user input. And the list goes on. …
See the original post here: Top Ten Security Tips Every Developer Must Know
JIRA Security Advisory 2007-12-24
Posted on January 1, 1970 - Filed Under security
The fix is to escape all of the error messages rendered on the 500 page, so that no user input, which is propagated to …
The rest is here: JIRA Security Advisory 2007-12-24