Home page logo

webappsec logo WebApp Sec mailing list archives

Re: SQL Injection
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 28 Jun 2004 20:34:20 -0500

On Wed, 2004-06-16 at 08:08, Jeff Williams wrote:
Output validation is intended to protect against attempts to inject attacks
into the browser. The most important of these is cross-site scripting, which
is covered by the Top Ten A4, and HTML entity encoding is suggested there.

I understand the notion of "output validation" doesn't sound very sexy.
I also understand that it is considered included in the XSS section of
the OWASP guide. But I believe that a lot of folks underestimate or
overlook/neglect the area of validating output for safety and fitness of
date for displaying in a browser.

So I'd like to ask: What can be done to put more educational emphasis
and/or awareness to validation output? What are the thoughts of others
in this forum?


Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]