<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: Re: SQL Injection

Re: SQL Injection

From: Frank Knobbe <frank_at_knobbe.us>
Date: Mon, 28 Jun 2004 20:34:20 -0500

On Wed, 2004-06-16 at 08:08, Jeff Williams wrote:
> Output validation is intended to protect against attempts to inject attacks
> into the browser. The most important of these is cross-site scripting, which
> is covered by the Top Ten A4, and HTML entity encoding is suggested there.

I understand the notion of "output validation" doesn't sound very sexy.
I also understand that it is considered included in the XSS section of
the OWASP guide. But I believe that a lot of folks underestimate or
overlook/neglect the area of validating output for safety and fitness of
date for displaying in a browser.

So I'd like to ask: What can be done to put more educational emphasis
and/or awareness to validation output? What are the thoughts of others
in this forum?

Cheers,
Frank

application/pgp-signature attachment: This is a digitally signed message part

Received on Jun 29 2004

This message: [ Message body ]
Next message: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
Previous message: Wolf, Yonah: "Patching IIS (was - RE: ASP security in HTML pages)"
In reply to: Jeff Williams: "Re: SQL Injection"
Next in thread: Mutallip Ablimit: "RE: SQL Injection"
Reply: Mutallip Ablimit: "RE: SQL Injection"
Reply: gcb33_at_dial.pipex.com: "Re: SQL Injection"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]