Penetration Testing
mailing list archives
What is Canonicalization ?
From: dharmeshmm () mastek com
Date: 3 Nov 2005 09:22:58 -0000
Hi,
Resolving different forms of input to the same standard name (the canonical name) is referred to as canonicalization.

Code is particularly susceptible to canonicalization issues if it makes security decisions based on the name of a resource that is passed to the program as input. Files, paths, and URLs are resource types that are vulnerable to canonicalization because in each case there are many different ways to represent the same name. File names are also problematic.

Ideally, your code does not accept input file names. If it does, the name should be converted to its canonical form prior to making security decisions, such as whether access should be granted or denied to the specified file.
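The post's advice ("convert the name to its canonical form before deciding whether access is granted") is easiest to appreciate side by side with the mistake it warns against. The following added example is not part of the original post; it contrasts a naive check on the raw input name with a check made only after canonicalization, using a constructed sandbox directory (`public/` with a `reports/q3.txt` inside and a `secret.txt` outside) and several spellings of the same two file names: lexical `..` segments, percent-encoding, and a symbolic link. All directory names and candidate paths are assumptions made up for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def canonical_path(base_dir: str, user_path: str) -> str:
    """Return the canonical absolute path that user_path names under base_dir.

    Three distinct spellings are collapsed here: percent-encoding
    (%2e%2e -> ..), lexical '.' and '..' segments, and symbolic links
    (realpath follows them to the real target).
    """
    decoded = unquote(user_path)
    # os.path.join discards base_dir when decoded is absolute; the
    # containment check in is_within() then rejects it, which is intended.
    return os.path.realpath(os.path.join(base_dir, decoded))


def naive_is_within(base_dir: str, user_path: str) -> bool:
    """The mistake the post warns about: deciding on the raw input name.

    It rejects a literal '..' segment and absolute paths, and nothing else.
    """
    return not user_path.startswith("/") and ".." not in user_path.split("/")


def is_within(base_dir: str, user_path: str) -> bool:
    """Decide access only after canonicalization of both base and target."""
    base = os.path.realpath(base_dir)
    target = canonical_path(base, user_path)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows: not inside base
        return False


def demo() -> dict:
    """Build a constructed sandbox and evaluate several spellings of two names.

    Returns {candidate: (naive_decision, canonical_decision)}.
    """
    root = tempfile.mkdtemp()
    base = os.path.join(root, "public")           # assumed web root
    os.makedirs(os.path.join(base, "reports"))
    with open(os.path.join(base, "reports", "q3.txt"), "w") as f:
        f.write("ok\n")
    secret = os.path.join(root, "secret.txt")     # lives outside the web root
    with open(secret, "w") as f:
        f.write("secret\n")
    link = os.path.join(base, "reports", "escape")
    try:
        os.symlink(secret, link)                  # an inside name for an outside file
    except OSError:
        link = None                               # platform without symlink support

    candidates = [
        "reports/q3.txt",                         # plain spelling
        "reports/../reports/q3.txt",              # same file, naive check rejects it
        "./reports//q3.txt",                      # same file, redundant separators
        "%72eports/q3.txt",                       # same file, 'r' percent-encoded
        "../secret.txt",                          # outside, both checks reject
        "%2e%2e/secret.txt",                      # outside, naive check accepts
        "reports/%2e%2e/%2e%2e/secret.txt",       # outside, naive check accepts
        secret,                                   # absolute path to the outside file
    ]
    if link is not None:
        candidates.append("reports/escape")       # outside via symlink, naive accepts

    return {c: (naive_is_within(base, c), is_within(base, c)) for c in candidates}


if __name__ == "__main__":
    for name, (naive, canonical) in demo().items():
        print(f"{name!r:45} naive={naive!s:5} canonical={canonical}")
```

Two things stand out when the demo runs. The naive check gets both error directions wrong: it refuses `reports/../reports/q3.txt`, which names a permitted file, and accepts `%2e%2e/secret.txt` and the `reports/escape` symlink, which name the file outside the root. The canonical check, by comparing `os.path.realpath` results, gives one answer per file regardless of how the name was spelled. Note that `commonpath` equality, rather than a string-prefix test, is what prevents `/srv/public_old` from being mistaken for something under `/srv/public`.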